From 1eb8be83092d98f76d7e5c292b285c5c755bf095 Mon Sep 17 00:00:00 2001
From: Marc Bihlmaier
Date: Tue, 7 Nov 2023 04:00:59 +0100
Subject: [PATCH] update apt sources, add apt keyring gpg
---
 defaults/main.yml | 8 +++++---
 tasks/setup-Debian.yml | 26 ++++++++++++++++++--------
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 9827631..9b57ee4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -51,10 +51,12 @@ kubernetes_apiserver_advertise_address: ''
 kubernetes_version_kubeadm: 'stable-{{ kubernetes_version }}'
 kubernetes_ignore_preflight_errors: 'all'
-kubernetes_apt_release_channel: main
-# Note that xenial repo is used for all Debian derivatives at this time.
-kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
+kubernetes_apt_release_channel: "stable"
+kubernetes_apt_keyring_file: "/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
+kubernetes_apt_repository_pkgs_k8s_io: "deb [signed-by={{ kubernetes_apt_keyring_file }}] https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/ /"
 kubernetes_apt_ignore_key_error: false
+# this one is deprecated and will be deleted with this role
+kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial {{ kubernetes_apt_release_channel }}"
 kubernetes_yum_arch: '$basearch'
 kubernetes_yum_base_url: "https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{ kubernetes_yum_arch }}"
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 4a83a58..5628ba3 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
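Review bot: The deprecated `kubernetes_apt_repository` default in the defaults/main.yml hunk still interpolates `{{ kubernetes_apt_release_channel }}`, whose default changes here from `main` to `stable`, so the legacy line now renders with `stable` as its component and remains on plain `http://`. If the variable is kept only for compatibility, pin its component, e.g. `kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial main"`, or remove it. `kubernetes_apt_ignore_key_error` loses its only consumer visible in this patch (the removed `ignore_errors:` line in tasks/setup-Debian.yml), so it deserves the same deprecation comment unless something outside the patch still reads it. The new repository URL embeds `v{{ kubernetes_version }}`; a comment such as `# kubernetes_version must be in the form the pkgs.k8s.io path expects` would document that coupling, which the patch leaves implicit.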
@@ -6,16 +6,26 @@
 - ca-certificates
 state: present
-- name: Add Kubernetes apt key.
- apt_key:
- url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
- state: present
- register: add_repository_key
- ignore_errors: "{{ kubernetes_apt_ignore_key_error }}"
+- name: Prepare apt keyring directory.
+ ansible.builtin.file:
+ path: "{{ kubernetes_apt_keyring_file | dirname }}"
+ state: directory
+ mode: 0755
+
+- name: Get Kubernetes apt key.
+ shell: "curl -fsSL https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/Release.key | gpg --dearmor -o {{ kubernetes_apt_keyring_file }}"
+ args:
+ creates: "{{ kubernetes_apt_keyring_file }}"
+
+- name: Be sure deprecated Kubernetes repository is absent.
+ file:
+ path: "/etc/apt/sources.list.d/apt_kubernetes_io.list"
+ state: absent
 - name: Add Kubernetes repository.
- apt_repository:
- repo: "{{ kubernetes_apt_repository }}"
+ ansible.builtin.apt_repository:
+ repo: "{{ kubernetes_apt_repository_pkgs_k8s_io }}"
+ filename: pkgs_k8s_io
 state: present
 update_cache: true
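Review bot: The `Get Kubernetes apt key.` task pipes `curl` into `gpg --dearmor` through `shell:` without `pipefail`, so a failed download is reported only through gpg's exit status, and if gpg still writes the output file the `creates:` guard skips the task on every later run. Run the pipeline under bash with `set -o pipefail`, quote the templated values, and set the keyring file's mode explicitly, because it otherwise inherits the umask and apt's unprivileged fetch user may be unable to read it; the fence shows both tasks. The key is also trusted exactly as fetched and, because of `creates:`, never refreshed; comparing its fingerprint with a pinned value before installing it would make that trust explicit. In the directory task, quote the mode as `mode: "0755"` so it is not subject to YAML integer parsing.

```yaml
- name: Get Kubernetes apt key.
  ansible.builtin.shell: |
    set -o pipefail
    curl -fsSL "https://pkgs.k8s.io/core:/{{ kubernetes_apt_release_channel }}:/v{{ kubernetes_version }}/deb/Release.key" \
      | gpg --dearmor -o "{{ kubernetes_apt_keyring_file }}"
  args:
    executable: /bin/bash
    creates: "{{ kubernetes_apt_keyring_file }}"

- name: Ensure the Kubernetes apt keyring is world-readable.
  ansible.builtin.file:
    path: "{{ kubernetes_apt_keyring_file }}"
    mode: "0644"

# … unchanged: deprecated repository removal, Add Kubernetes repository …
```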