Fix for end-to-end-security-hardening task setup.sh (MinIO deployment conflict)

fix-minio-setup-explanation.md

Fix for end-to-end-security-hardening setup.sh

Issue

The task's setup.sh fails during bootstrap with:

The Deployment "bleater-minio" is invalid:
* spec.template.spec.containers[0].env[0].valueFrom: Invalid value: "": may not be specified when `value` is not empty
* spec.template.spec.containers[0].env[1].valueFrom: Invalid value: "": may not be specified when `value` is not empty

Root Cause

The nebula-devops base image contains a bleater-minio deployment with plain value env vars:

env:
  - name: MINIO_ROOT_USER
    value: "admin"
  - name: MINIO_ROOT_PASSWORD  
    value: "password123"

The setup.sh attempts to kubectl apply a new deployment spec with valueFrom.secretKeyRef:

env:
  - name: MINIO_ROOT_USER
    valueFrom:
      secretKeyRef:
        name: bleater-minio-secret
        key: MINIO_ROOT_USER

When Kubernetes merges these via kubectl apply, both value and valueFrom end up set on the same env var, which is invalid.

Fix

Delete the existing deployment before applying the new one. Add this before the kubectl apply heredoc (around line 203):

kubectl delete deployment bleater-minio -n bleater --ignore-not-found

Verification

After applying the patch:

• apex-arena test-solution end-to-end-security-hardening passes with score 1.0
• All 10 grader checks pass

Task UUID

9f1adfe9-cf70-4468-a6e7-9a634505f3b1 (version 15)

fix-minio-setup.patch

--- a/tasks/end-to-end-security-hardening/setup.sh
+++ b/tasks/end-to-end-security-hardening/setup.sh
@@ -200,6 +200,10 @@ echo "Step 6: Waiting for cleanup to complete..."
 sleep 5

 echo "Step 7: Applying updated PostgreSQL configuration with new credentials..."
+
+# Delete existing MinIO deployment to avoid conflict with value/valueFrom merge
+kubectl delete deployment bleater-minio -n bleater --ignore-not-found
+
 cat <<EOF | kubectl apply -f -
 ---
 # Secrets for PostgreSQL