From 2e058bfad7fd03fcbd8603907876abc782cb192b Mon Sep 17 00:00:00 2001
From: Nathan Brown <nathan.brown@arm.com>
Date: Wed, 24 May 2023 16:42:28 -0500
Subject: [PATCH] cluster: dearmor Googles GPG key

Google recently changed their GPG key to require dearmoring. So, handle
their GPG key the same way Docker's GPG key is handled.

See [1, 2] for more details.

[1]: https://github.com/kubernetes/release/issues/2862
[2]: https://github.com/kubernetes/website/pull/41307

Signed-off-by: Nathan Brown <nathan.brown@arm.com>
Reviewed-by: Trevor Tao <trevor.tao@arm.com>
Reviewed-by: Tianyu Li <tianyu.li@arm.com>

Change-Id: I748b4105dca57cd9a4e7c8e3e3db0336fc8b30f6
---
 roles/common/tasks/main.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/roles/common/tasks/main.yaml b/roles/common/tasks/main.yaml
index 7d8d24d..ef649d2 100644
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@@ -87,11 +87,13 @@
   when: ansible_swaptotal_mb > 0
 
 - name: Add Kubernetes GPG key
-  ansible.builtin.get_url:
-    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-    dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
-    mode: 0644
+  ansible.builtin.shell: |
+    set -e -o pipefail > /dev/null
+    curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg --yes
   become: true # enable writing to /usr/share...
+  changed_when: true
+  args:
+    executable: /bin/bash
 
 - name: Add apt repo for kubernetes
   become: true
-- 
GitLab