install-kubectl-linux.md: add chmods

fbauzac · web-flow · commit e15b943a5aa6 · 2024-01-09T10:01:10.000+01:00
The keyring needs to be readable by _apt, otherwise "apt update" prints the following kind of error: W: GPG error: https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.29/deb InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 234654DA9A296436 E: The repository 'https://pkgs.k8s.io/core:/stable:/v1.29/deb InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. kubernetes.list needs to be world-readable, otherwise command-not-found prints warnings such as: WARNING:root:could not open file '/etc/apt/sources.list.d/kubernetes.list'
diff --git a/content/en/docs/tasks/tools/install-kubectl-linux.md b/content/en/docs/tasks/tools/install-kubectl-linux.md
@@ -137,6 +137,7 @@ The following methods exist for installing kubectl on Linux:
 
    ```shell
    curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+   sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg   # Needed so that _apt user can read it
    ```
 
 3. Add the appropriate Kubernetes `apt` repository. If you want to use Kubernetes version different than {{< param "version" >}},
@@ -145,6 +146,7 @@ The following methods exist for installing kubectl on Linux:
    ```shell
    # This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
    echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
+   sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list   # Needed so that command-not-found works correctly
    ```
 
 {{< note >}}
