Installing K3s on EL9-based distributions


I just wanted to let people know that if you’re installing K3S on EL9 (RHEL9, AlmaLinux 9, and probably Rocky Linux 9), you may need to tweak some settings to accept the RPM signatures. EL9 deprecates SHA1 package signatures in favor of SHA512 package signatures.

I had to make the following update before running the K3s installer

# update-crypto-policies --set DEFAULT:SHA1

After that, running the K3S install process proceeded normally.

For those that want to set things back, you can run this:

# update-crypto-policies --set DEFAULT

I think ultimately one of the RPM repos that K3s references will need to roll their signing keys to support SHA512 signatures, which is what Duo Security wound up doing.