[Bug] Using "latest" image tag breaks versioned deployments of operator #688
Description
The deployment manifest of the vitess-operator uses the latest tag (https://github.com/planetscale/vitess-operator/blob/1001a86b8a9787180a1cd47a0d88a121da712d61/deploy/operator.yaml#L19C1-L19C50) which breaks this deployment in case the k8s configuration at a tagged branch is incompatible with the latest image.
I found this when tried to deploy the manifests of version v2.14.0 of the operator:
kubectl apply -k "github.com/planetscale/vitess-operator/deploy?ref=v2.14.0"
The latest version of the image requires access to the horizontalpodautoscalers, but the role definition at the v2.14.0 tag (https://github.com/planetscale/vitess-operator/blob/v2.14.0/deploy/role.yaml) does not yet include permissions for those resources as it does in the v2.15.0 tag: (https://github.com/planetscale/vitess-operator/blob/v2.15.0-rc1/deploy/role.yaml)
rules:
...
...
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- '*'
I would suggest matching the tag either directly in the deploy/operator.yaml or by adding a section like
images:
- name: planetscale/vitess-operator
newTag: <version>
in deploy/kustomization.yaml