The flux-kustomize-controller does not have gpg client #1384
Description
Which image/versions are related to this issue/feature request?
cgr.dev/chainguard/flux-kustomize-controller:latest
Issue/Feature description
Good day!
After switching from ghcr.io/fluxcd/kustomize-controller:v1.0.0-rc.3 to cgr.dev/chainguard/flux-kustomize-controller:latest I suddenly noted that sops stopped to work. The kustomize controller begin to emit the next messages:
{"level":"error","ts":"2023-09-15T06:15:59.169Z","msg":"Reconciliation failed after 108.87798ms, next try in 5m0s","controller":"kustomization","controllerGroup":"kustomize.toolkit.fluxcd.io","controllerKind":"Kustomization","Kustomization":{"name":"monitoring","namespace":"flux-system"},"namespace":"flux-system","name":"monitoring","reconcileID":"bacf1ab6-e88d-4bea-b31c-f61823717210","revision":"main@sha1:b999ca91832509e0b1acc490f249f7d4dd7827e7","error":"failed to import 'sops.asc' data from sops decryption Secret 'flux-system/sops-gpg': failed to import armored key data into GnuPG keyring: "}
It looks like that GnuPG was present in the original image, but not present is hardened image:
docker-with-supercronic % docker run -it --rm --entrypoint /bin/sh ghcr.io/fluxcd/kustomize-controller:v1.0.0-rc.3
~ $ gpg
gpg gpg-connect-agent gpg-wks-server gpgparsemail gpgtar
gpg-agent gpg-error gpg2 gpgsm gpgv
gpg-card gpg-wks-client gpgconf gpgsplit gpgv2
~ $ gpg
gpg: keybox '/tmp/pubring.kbx' created
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: Go ahead and type your message ...
^C
gpg: signal 2 caught ... exitingthe hardened wolfi image: