[Bug] Using "latest" image tag breaks versioned deployments of operator

Open mayrf opened this issue 10 months ago • 0 comments

The deployment manifest of the vitess-operator uses the latest tag (https://github.com/planetscale/vitess-operator/blob/1001a86b8a9787180a1cd47a0d88a121da712d61/deploy/operator.yaml#L19C1-L19C50) which breaks this deployment in case the k8s configuration at a tagged branch is incompatible with the latest image.

I found this when tried to deploy the manifests of version v2.14.0 of the operator:

kubectl apply -k "github.com/planetscale/vitess-operator/deploy?ref=v2.14.0"

The latest version of the image requires access to the horizontalpodautoscalers, but the role definition at the v2.14.0 tag (https://github.com/planetscale/vitess-operator/blob/v2.14.0/deploy/role.yaml) does not yet include permissions for those resources as it does in the v2.15.0 tag: (https://github.com/planetscale/vitess-operator/blob/v2.15.0-rc1/deploy/role.yaml)

rules:
...
...

- apiGroups:
 - autoscaling
 resources:
 - horizontalpodautoscalers
 verbs:
 - '*'

I would suggest matching the tag either directly in the deploy/operator.yaml or by adding a section like

images:
  - name: planetscale/vitess-operator
    newTag: <version>

in deploy/kustomization.yaml

Apr 16 '25 10:04 mayrf