GPG error public key is not available: NO_PUBKEY B53DC80D13EDEF05: during VM creation using Vagrant

Question

I am trying to install a K8s cluster VM nodes using Vagrant and relevant install shell script (listed below). I tried some of the suggestions in similar questions, but they did not help my case. I am using virtualbox version 6.1.40 on Windows 11.

The common.sh script, which prepares each VM with common package install is resulting into the following error.

controller24: W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
        controller24: E: The repository 'https://apt.kubernetes.io kubernetes-xenial InRelease' is not signed.

The common.sh file is as below.

#!/bin/bash
#
# Common setup for all servers (Control Plane and Nodes)

set -euxo pipefail

# Variable Declaration

KUBERNETES_VERSION="1.24.10-00"

# DNS Setting
sudo mkdir /etc/systemd/resolved.conf.d/
cat <<EOF | sudo tee /etc/systemd/resolved.conf.d/dns_servers.conf
[Resolve]
DNS=8.8.8.8 1.1.1.1
EOF

sudo systemctl restart systemd-resolved

# disable swap
sudo swapoff -a

# keeps the swaf off during reboot
(crontab -l 2>/dev/null; echo "@reboot /sbin/swapoff -a") | crontab - || true
sudo apt-get update -y
# Install CRI-O Runtime

OS="xUbuntu_22.10"

VERSION="1.24"

# Create the .conf file to load the modules at bootup
cat <<EOF | sudo tee /etc/modules-load.d/crio.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# Set up required sysctl params, these persist across reboots.
cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
net.bridge.bridge-nf-call-iptables  = 1
net.ipv4.ip_forward                 = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sudo sysctl --system

cat <<EOF | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/ /
EOF
cat <<EOF | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:$VERSION.list
deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/ /
EOF

curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/$VERSION/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers.gpg add -
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/$OS/Release.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/libcontainers.gpg add -

sudo apt-get update
sudo apt-get install cri-o cri-o-runc -y

sudo systemctl daemon-reload
sudo systemctl enable crio --now

echo "CRI runtime installed susccessfully"

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl  -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y
sudo apt-get install -y kubelet="$KUBERNETES_VERSION" kubectl="$KUBERNETES_VERSION" kubeadm="$KUBERNETES_VERSION"
sudo apt-get update -y
sudo apt-get install -y jq

local_ip="$(ip --json a s | jq -r '.[] | if .ifname == "eth1" then .addr_info[] | if .family == "inet" then .local else empty end else empty end')"
cat > /etc/default/kubelet << EOF
KUBELET_EXTRA_ARGS=--node-ip=$local_ip
EOF

Detailed vagrant logs are here:

    controller24: + sudo apt-get update
    controller24: Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
    controller24: Hit:2 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease
    controller24: Hit:3 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease
    controller24: Hit:4 http://us.archive.ubuntu.com/ubuntu jammy-security InRelease
    controller24: Get:5 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/xUbuntu_20.04  InRelease [1,632 B]
    controller24: Get:6 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease [1,642 B]
    controller24: Fetched 3,274 B in 1s (3,874 B/s)
    controller24: Reading package lists...
    controller24: + echo 'deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main'
    controller24: + sudo tee /etc/apt/sources.list.d/kubernetes.list
    controller24: deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main
    controller24: + sudo apt-get update -y
    controller24: Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
    controller24: Hit:2 http://us.archive.ubuntu.com/ubuntu jammy-updates InRelease
    controller24: Get:4 http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.24/xUbuntu_20.04  InRelease [1,632 B]
    controller24: Hit:5 http://us.archive.ubuntu.com/ubuntu jammy-backports InRelease
    controller24: Hit:6 http://us.archive.ubuntu.com/ubuntu jammy-security InRelease
    controller24: Get:3 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8,993 B]
    controller24: Err:3 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
    controller24:   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
    controller24: Get:7 https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04  InRelease [1,642 B]
    controller24: Reading package lists...
    controller24: W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
    controller24: E: The repository 'https://apt.kubernetes.io kubernetes-xenial InRelease' is not signed.
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

Answer 1

I found the solution here

https://github.com/kubernetes/k8s.io/pull/4837#issuecomment-1446426585

You need to change the URL to

https://dl.k8s.io/apt/doc/apt-key.gpg

Answer 2

curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg| gpg -o /usr/share/keyrings/kubernetes-archive-keyring.gpg --dearmor

apt-get update

Answer 3

sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update -y

Answer 4

If all other methods fail you (like they failed me today, including Ubuntu's snap), try these perma links maintained by the competing cloud vendor:

##############################################################################
# Amazon EKS maintains a list of perma-links to various kubectl versions here:
# https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html
##############################################################################

cd /tmp && curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.4/2023-08-16/bin/linux/amd64/kubectl

chmod +x /tmp/kubectl

sudo mv /tmp/kubectl /usr/local/bin/

kubectl version --short

Answer 5

Correct way to do is execute curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -

as per comment by thomas in https://groups.google.com/g/gce-discussion/c/zeGb4gdK2Iw?pli=1

It worked for me after trying

Answer 6

This fixed the problem for me.

Note the tilde on the end of the filename cloud.google.gpg~ (not a typo).

sudo rm -fr /usr/share/keyrings/cloud.google.gpg~
sudo curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg| sudo gpg -o /usr/share/keyrings/cloud.google.gpg --dearmor