Error retrieving Kubernetes Release Key

## Error retrieving Kubernetes Release Key

I’m encountering a 403 Forbidden error when attempting to download the Release Key using the following command:

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

** Here’s the complete error message:

curl: (22) The requested URL returned error: 403 gpg: no valid OpenPGP data found.

** I’ve also tried these variations, but they produce the same 403 error:

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key curl https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key

I’d appreciate any guidance on how to resolve this issue and successfully retrieve the Release Key.

Thank you in advance for your assistance!

Did you get the solution to this @Gautam3101 ? I am experiencing the same issue

je rencontre le meme probleme

Still a problem or not? I cannot reproduce this.

Still a problem. Works on some machines and doesn’t on the others. Every single one of them have different IP I would like to note.

These commands have been executed before;

sudo apt-get install -y apt-transport-https ca-certificates curl gnupg software-properties-common curl
sudo apt install socat -y

System also allows IPtables to see bridged traffic:

cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF

sudo modprobe overlay
sudo modprobe br_netfilter

# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables  = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward                 = 1
EOF

# Apply sysctl params without reboot
sudo sysctl --system

Here is the verbose output of curl:

root@worker-0:~# sudo curl -v -fsSL 

https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
File '/etc/apt/keyrings/kubernetes-apt-keyring.gpg' exists. Overwrite? (y/N) * Host pkgs.k8s.io:443 was resolved.
* IPv6: 2600:1901:0:26f3::
* IPv4: 34.107.204.206
*   Trying 34.107.204.206:443...
* Connected to pkgs.k8s.io (34.107.204.206) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [5116 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=k8s.io
*  start date: Sep  3 11:47:04 2024 GMT
*  expire date: Dec  2 12:22:43 2024 GMT
*  subjectAltName: host "pkgs.k8s.io" matched cert's "pkgs.k8s.io"
*  issuer: C=US; O=Google Trust Services; CN=WR3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
} [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: pkgs.k8s.io]
* [HTTP/2] [1] [:path: /core:/stable:/v1.31/deb/Release.key]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /core:/stable:/v1.31/deb/Release.key HTTP/2
> Host: pkgs.k8s.io
> User-Agent: curl/8.5.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [284 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [284 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
< HTTP/2 403
< content-type: text/html; charset=UTF-8
< referrer-policy: no-referrer
< content-length: 330
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
* The requested URL returned error: 403
* Connection #0 to host pkgs.k8s.io left intact
curl: (22) The requested URL returned error: 403

The curl is not the problem here, the fetch just fails on the side of pkgs.k8s.io