When we introduced the fix for https://issues.redhat.com/browse/OCPBUGS-48614, it was intended to be a temporary fix until we could provide functionality for fetching ECR credentials in the base RHEL image through container tools.

As the RHEL layer is shared between multiple releases (4.19 - 4.21), and we currently install the 4.19 version of the ECR credential provider in this base RHEL layer, all 4.20 nodes are currently shipping with a 4.19 ECR provider as later image layers are not installing the updated RPM.

Discussed already in https://redhat-internal.slack.com/archives/C06SFBNH44S/p1758190683125639, the ROSA folks are going to create an alternative workaround by directly calling AWS APIs rather than relying on the credential provider. Once they've done that, we are safe to revert our original fix, at which point future images will install the correct ECR credential provider in the node layer.

We have agreed a timeline of the end of august (target 4.20.1) for this revert.

    1.
    2.
    3.