Feature
Resolution: Unresolved
Major
Strategic Product Work
OCPSTRAT-911 De-risk Terraform dependency in Installer
67% To Do, 0% In Progress, 33% Done
Backlog Refinement
Feature Overview (aka. Goal Summary)
Decouple the OpenShift Installer from the release payload so that the latest patch version of the Installer can deploy any patch release of OpenShift within the same minor version.
Goals (aka. expected user outcomes)
As a user, I want to be able to use the latest binary available for the OpenShift Installer to deploy any previous Z patch release of OpenShift for the matched minor version.
Requirements (aka. Acceptance Criteria):
The latest 'openshift-install' can install any z-stream of its matched X.Y version.
Use Cases (Optional):
- A CVE in the openshift-install codebase is fixed in 4.12.25, but there is a need to continue installing 4.12.20 without potentially executing vulnerable code.
- There's a known incompatibility between the 4.12.25+ installer and releases < 4.12.10; the 4.12.25 installer should therefore error out if asked to install versions < 4.12.10, because they are specifically known to be incompatible.
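The acceptance criterion and the second use case above amount to a version gate inside the installer. The following Go sketch is an added example, not code from openshift-install: `Version`, `Rule`, `knownIncompatible`, `ParseVersion` and `CheckTarget` are hypothetical names, and the single rule is constructed from the 4.12.25 / 4.12.10 figures in the use case.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

type Version [3]uint64 // major, minor, patch; suffixes such as "-rc.1" are rejected

func ParseVersion(s string) (v Version, err error) {
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("version %q is not in X.Y.Z form", s)
	}
	for i, p := range parts {
		if v[i], err = strconv.ParseUint(p, 10, 32); err != nil {
			return v, fmt.Errorf("version %q is not in X.Y.Z form", s)
		}
	}
	return v, nil
}

// Rule (hypothetical): in Major.Minor, installers with patch >= InstallerFrom
// refuse targets with patch < TargetBelow. The entry mirrors this page's use case.
type Rule struct{ Major, Minor, InstallerFrom, TargetBelow uint64 }
var knownIncompatible = []Rule{{Major: 4, Minor: 12, InstallerFrom: 25, TargetBelow: 10}}

// CheckTarget returns nil when the installer build may deploy the target release.
func CheckTarget(installer, target string) error {
	iv, err1 := ParseVersion(installer)
	tv, err2 := ParseVersion(target)
	if err := errors.Join(err1, err2); err != nil {
		return err
	}
	if iv[0] != tv[0] || iv[1] != tv[1] {
		return fmt.Errorf("installer %s only installs %d.%d.z, not %s", installer, iv[0], iv[1], target)
	}
	for _, r := range knownIncompatible {
		if r.Major == iv[0] && r.Minor == iv[1] && iv[2] >= r.InstallerFrom && tv[2] < r.TargetBelow {
			return fmt.Errorf("installer %s is known to be incompatible with %s", installer, target)
		}
	}
	return nil
}

func main() {
	fmt.Println(CheckTarget("4.12.25", "4.12.20"), CheckTarget("4.12.25", "4.12.9"))
}
```

The gate fails closed on anything it cannot parse, so a malformed or pre-release target string is refused rather than installed by the wrong code path.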
Background
- Decouples fix delivery from the version of the product being installed:
  - Fixes for CVEs in the openshift-installer code itself
  - Defect fixes for code in openshift-installer
- Also allows the latest builds of the installer image to install older versions of the product without that image being flagged for including a vulnerable package (i.e. glibc or openssl RPMs in the image)
Implementation Considerations
The Terraform changes may affect this feature. The extent of the impact will not be known until more implementation details are available.
Documentation Considerations
Usual documentation will be required to instruct the user on how to use this feature.