diff --git a/Makefile b/Makefile
index 809044d98..0e2105ee9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 # Put targets here if there is a risk that a target name might conflict with a filename.
 # this list is probably overkill right now.
 # See: https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: test test-unit test-e2e test-eval test-lseval-periodic images run format verify
+.PHONY: test test-unit test-e2e test-eval test-lseval-periodic test-cluster-updates images run format verify
 
 export PATH := $(HOME)/.local/bin:$(PATH)
 
@@ -100,6 +100,12 @@ test-lseval-periodic: ## Run LSEval periodic evaluation (full 797-question datas
 	uv run --extra lseval --extra evaluation pytest tests/e2e/evaluation -vv -s --durations=0 -o junit_suite_name="${SUITE_ID}" --junit-prefix="${SUITE_ID}" --junit-xml="${ARTIFACT_DIR}/junit_e2e_${SUITE_ID}.xml" \
 	--eval_out_dir ${ARTIFACT_DIR} -m lseval
 
+test-cluster-updates: ## Run cluster-updates evaluation (18 conversations, 35 evaluations) - requires running OLS server with OpenAI keys
+	@echo "Running cluster-updates evaluation..."
+	@echo "Reports will be written to ${ARTIFACT_DIR}"
+	uv run --extra lseval --extra evaluation pytest tests/e2e/evaluation -vv -s --durations=0 -o junit_suite_name="${SUITE_ID}" --junit-prefix="${SUITE_ID}" --junit-xml="${ARTIFACT_DIR}/junit_e2e_${SUITE_ID}.xml" \
+	--eval_out_dir ${ARTIFACT_DIR} -m cluster_updates
+
 coverage-report:	unit-tests-coverage-report integration-tests-coverage-report ## Export coverage reports into interactive HTML
 
 unit-tests-coverage-report:	test-unit ## Export unit test coverage report into interactive HTML
diff --git a/eval/README.md b/eval/README.md
index 69bbc1877..d38b3f465 100644
--- a/eval/README.md
+++ b/eval/README.md
@@ -50,17 +50,71 @@ lightspeed-eval --system-config system.yaml --eval-data eval_data_short.yaml --o
 
 # Full evaluation (797 questions)
 lightspeed-eval --system-config system.yaml --eval-data eval_data.yaml --output-dir ./results
+
+# Cluster-updates evaluation (17 conversations, 18 test turns) - uses optimized config
+lightspeed-eval --system-config system_cluster_updates.yaml \
+                --eval-data eval_data_cluster_updates.yaml \
+                --output-dir ./results
+
+# Run specific cluster-updates test category (e.g., critical tests)
+lightspeed-eval --system-config system_cluster_updates.yaml \
+                --eval-data eval_data_cluster_updates.yaml \
+                --tags cluster-updates-critical \
+                --output-dir ./results
 ```
 
 ## What's Included
 
 ### Datasets
-- **`eval_data_short.yaml`**: 10 conversations
-- **`eval_data.yaml`**: 797 conversations
-
-### Configuration
-- **`system.yaml`**: Pre-configured for OLS at `localhost:8080`
-- **Default metrics**: answer correctness
+- **`eval_data_short.yaml`**: 10 conversations (quick smoke test)
+- **`eval_data.yaml`**: 797 general OpenShift knowledge questions (conv_001-797)
+- **`eval_data_cluster_updates.yaml`**: 17 cluster-updates test conversations (conv_798-814, 18 test turns)
+
+### Test Categories (by tag)
+- **cluster-updates-scenarios**: Comprehensive health assessment with extensive constraints (conv_798-802, 5 conversations)
+- **cluster-updates-critical**: Condition status interpretation - MUST pass 100% (conv_803)
+- **cluster-updates-format**: Output format compliance (Summary + TL;DR) (conv_804)
+- **cluster-updates-blockers**: Admin-ack gates and upgrade blockers (conv_805)
+- **cluster-updates-risks**: Conditional update risk analysis (conv_806)
+- **cluster-updates-path**: Upgrade path validation (conv_807)
+- **cluster-updates-troubleshoot**: Upgrade failure diagnosis and remediation (conv_808)
+- **cluster-updates-conversation**: Multi-turn conversation handling (conv_809, 2 turns)
+- **cluster-updates-no-updates**: Cluster at latest version scenarios (conv_810)
+- **cluster-updates-channels**: Update channel understanding (conv_811)
+- **cluster-updates-mcp**: MachineConfigPool upgrade behavior (conv_812)
+- **cluster-updates-pdb**: PodDisruptionBudget impact on upgrades (conv_813)
+- **cluster-updates-eus**: Extended Update Support (EUS) upgrade paths (conv_814)
+- **cluster-updates-troubleshoot**: Failure diagnosis with error extraction (conv_808)
+- **cluster-updates-conversation**: Multi-turn conversations (conv_809, 2 turns)
+- **cluster-updates-no-updates**: Handling clusters at latest version (conv_810)
+- **cluster-updates-channels**: Update channel understanding (conv_811)
+- **cluster-updates-mcp**: MachineConfigPool upgrade behavior (conv_812)
+- **cluster-updates-pdb**: PodDisruptionBudget impact on upgrades (conv_813)
+- **cluster-updates-eus**: EUS (Extended Update Support) upgrades (conv_814)
+
+### Configuration Files
+
+Two configuration files are available depending on your use case:
+
+#### `system.yaml` - Default Configuration
+- **Use for:** General OpenShift knowledge evaluation (conv_001-797)
+- **API Base:** `http://localhost:8080` (local development)
+- **Max Tokens:** 512 (standard responses)
+- **API Provider:** `openai`
+- **Metrics:** All standard metrics available (Ragas, DeepEval, custom)
+
+#### `system_cluster_updates.yaml` - Cluster-Updates Optimized
+- **Use for:** Cluster-updates evaluation (conv_798-814)
+- **API Base:** `http://localhost:8080` (same as default)
+- **Max Tokens:** 2048 (detailed cluster analysis - 4x larger for complex responses)
+- **API Provider:** `openai` (cluster-specific configuration)
+- **Output Directory:** `./results` (organized test output)
+- **Available Metrics:**
+  - `custom:answer_correctness` - Basic correctness evaluation
+  - `geval:condition_status_accuracy` - Kubernetes condition interpretation (threshold: 1.0 - CRITICAL!)
+  - `geval:output_format_compliance` - Response format validation (threshold: 0.95)
+  - `geval:technical_accuracy` - OpenShift/Kubernetes domain knowledge (threshold: 0.85)
+  - `geval:actionable_guidance` - Specific remediation steps (threshold: 0.7)
 
 
 ## Results
@@ -72,4 +126,4 @@ Results are saved in output directories:
 
 
 ## Data & Eval system setup
-Refer [Lightspeed Evaluation tool](https://github.com/lightspeed-core/lightspeed-evaluation#readme)
\ No newline at end of file
+Refer [Lightspeed Evaluation tool](https://github.com/lightspeed-core/lightspeed-evaluation#readme)
diff --git a/eval/eval_data_cluster_updates.yaml b/eval/eval_data_cluster_updates.yaml
new file mode 100644
index 000000000..12b6159e4
--- /dev/null
+++ b/eval/eval_data_cluster_updates.yaml
@@ -0,0 +1,667 @@
+- conversation_group_id: conv_798
+  tag: cluster-updates-scenarios
+  turns:
+  - turn_id: turn_001
+    query: "# OpenShift Cluster Upgrade Pre-Check Analysis\n\n<constraints>\n- LANGUAGE REQUIREMENT: Respond in English. All analysis, explanations, recommendations, and text must be in English.\n\n- YOU MUST ALWAYS CALL THE TOOLS TO GET THE INFORMATION. YOU SHOULD NEVER TREAT DATA FROM EXAMPLES AS REAL DATA.\n- YOU MUST ALWAYS REFERENCE REAL DATA FROM TOOL CALLS. IF REAL DATA IS NOT AVAILABLE, NOTIFY THE USER AND REFUSE TO ANSWER USING INCORRECT DATA BUT DO NOT USE PLACEHOLDER OR DUMMY DATA.\n- NEVER use placeholder or dummy data - only reference real data from tool calls.\n- ONLY report issues that are actually present in the data.\n- ONLY OUTPUT the Summary and TL;DR sections.\n- Be specific about the source of any issues identified.\n- CRITICAL: When counting available updates, count ALL array elements in status.availableUpdates AND status.conditionalUpdates separately.\n\n<scope_definition>\n**IN SCOPE - Issues that affect OCP cluster updates:**\n- ClusterVersion conditions that block\
+      \ or signal upgrade problems\n- ClusterOperator health that blocks operator-phase progression during upgrade\n- MachineConfigPool state that blocks node-phase rollout\n- Node conditions that prevent draining, rebooting, or rejoining during upgrade\n- PodDisruptionBudgets that prevent node draining during rolling MCP updates\n- Conditional update risks that apply to this specific cluster (Recommended=False)\n- Admin-ack gates required before minor-version upgrades\n- Deprecated API usage that will break after upgrade\n- Pending CSRs that will prevent nodes from rejoining post-reboot\n- OLM Subscription health for layered operators that must be compatible with target release\n- Update path validity (channel, skip-level, EUS constraints)\n- Resource pressure that prevents upgrade surge capacity\n- Active alerts directly relevant to upgrade readiness\n- Configuration overrides that mask CVO reconciliation\n\n**OUT OF SCOPE - Do NOT flag these unless they directly affect upgrades:**\n-\
+      \ General application performance issues\n- User workload errors unrelated to PDBs or node drain\n- Non-upgrade-related warnings or events\n- Cosmetic issues\n- Issues that are recovering on their own and are not blocking\n- Anything that does not have a documented effect on oc adm upgrade or the upgrade process\n\nIf you cannot tie an issue to a specific upgrade-blocking or upgrade-disrupting mechanism, do not report it.\n</scope_definition>\n**CRITICAL: Timeout and Error Handling**\n**Timeout Awareness:**\n- You have a 60-second timeout - manage your time wisely\n- Prioritize essential data (ClusterVersion, ClusterOperators, admin-acks/admin-gates) first\n- Track execution time and stop making new tool calls after 50 seconds\n- Provide analysis with available data rather than timing out trying to fetch everything\n**Error Handling Rules:**\n1. **Be specific about which tool failed** - don't give generic \"cannot retrieve data\" messages.\n2. **Explain what data you're missing** -\
+      \ e.g., \"Unable to fetch ClusterVersion resource\" vs \"Unable to retrieve data\".\n3. **Try alternative approaches**:\n   - If resources_list fails for all ClusterOperators, note this specifically.\n   - If nodes_top fails, continue with other analysis - it's optional.\n   - If get_alerts fails, skip it - alerts are optional.\n   - If events_list fails, continue without event data.\n   - If APIRequestCount fails or is unavailable on the cluster version, note it and skip.\n4. **Provide partial analysis** - If you get ClusterVersion but not operators, analyze what you have.\n5. **Give actionable troubleshooting** when tools fail:\n   - Check if OpenShift MCP server is running: 'oc get pods -n openshift-lightspeed'\n   - Verify cluster connectivity.\n   - Suggest checking MCP server logs for specific errors.\n6. **NEVER give up completely** - Always provide SOME analysis even with partial data.\n**Example of good error handling:**\n- BAD: \"I cannot retrieve necessary data from the\
+      \ cluster\"\n- GOOD: \"Successfully retrieved ClusterVersion (current: 4.21.14, 7 updates available, 2 conditional updates with risks). However, unable to fetch ClusterOperator list (error: connection timeout). Based on ClusterVersion alone, the cluster reports Upgradeable=True and Failing=False. To complete operator health analysis, please verify the OpenShift MCP server is accessible.\"\n**Example of good timeout handling:**\n- GOOD: \"Retrieved ClusterVersion, all 28 ClusterOperators, admin-acks, and admin-gates (execution time: 38 seconds). Skipping APIRequestCount and alerts to avoid timeout. All admin-ack gates are satisfied; cluster is on track for upgrade.\"\n**Tool Call Priority to Avoid Timeouts:**\n**PHASE 1 - ESSENTIAL (Always fetch, target under 25 seconds):**\n1. resources_get: ClusterVersion (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterVersion\", name: \"version\")\n   - Capture full status including: conditions, availableUpdates, conditionalUpdates, history,\
+      \ capabilities, desired\n2. resources_list: ClusterOperator (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterOperator\")\n3. resources_get: ConfigMap \"admin-gates\" in namespace \"openshift-config-managed\"\n   (lists upgrade-blocking gate keys defined by the cluster's components)\n4. resources_get: ConfigMap \"admin-acks\" in namespace \"openshift-config\"\n   (lists administrator acknowledgements)\n**PHASE 2 - IMPORTANT (Fetch if time permits, under 45 seconds total):**\n5. resources_list: Node (apiVersion: \"v1\", kind: \"Node\") - Quick check for NotReady nodes and pressure conditions\n6. resources_list: MachineConfigPool (apiVersion: \"machineconfiguration.openshift.io/v1\", kind: \"MachineConfigPool\")\n7. events_list: Get recent warning/error events from last 30 minutes in upgrade-relevant namespaces (openshift-cluster-version, openshift-machine-config-operator, openshift-etcd, openshift-kube-apiserver, openshift-apiserver, openshift-authentication, openshift-network-operator)\n\
+      **PHASE 3 - OPTIONAL (Only if under 50 seconds total):**\n8. nodes_top: Check node CPU/memory usage\n9. resources_list: PodDisruptionBudget (apiVersion: \"policy/v1\", kind: \"PodDisruptionBudget\") - Filter out openshift-*, kube-*\n10. resources_list: APIRequestCount (apiVersion: \"apiserver.openshift.io/v1\", kind: \"APIRequestCount\") - Identify deprecated APIs in use\n11. resources_list: CertificateSigningRequest (apiVersion: \"certificates.k8s.io/v1\", kind: \"CertificateSigningRequest\") - Filter for Pending state\n12. resources_list: MachineHealthCheck (apiVersion: \"machine.openshift.io/v1beta1\", kind: \"MachineHealthCheck\") - Check for unpaused MHCs\n13. resources_list: Subscription (apiVersion: \"operators.coreos.com/v1alpha1\", kind: \"Subscription\") - Layered operator health\n14. get_alerts: Check for critical/warning alerts\n**CRITICAL EFFICIENCY RULES:**\n- If approaching 50 seconds of execution time, STOP making new tool calls and provide analysis with data collected\n\
+      - NEVER let total execution exceed 55 seconds to avoid timeout\n- Prioritize breadth over depth: Get ClusterVersion + ClusterOperators + admin-acks fully before diving into logs/events\n- Skip optional data if essential data took longer than expected\n<language_validation>\nBEFORE providing your response, verify:\n1. Every word in your response is in the target language (except system identifiers like file paths, URLs, command names).\n2. Technical terms are translated or explained in the target language.\n3. No English phrases or mixed language content exists in your explanations.\n4. All section headers and content follow the target language requirements.\n</language_validation>\n</constraints>\n\n<context>\nThis is a pre-upgrade analysis for OpenShift cluster version 4.21.14. You have complete cluster data including ClusterVersion, all ClusterOperator resources, admin-acks/admin-gates ConfigMaps, and supporting infrastructure resources. Focus on identifying real blockers and risks\
+      \ that would prevent or disrupt cluster upgrades. Stay strictly within the upgrade-impact scope defined above.\n</context>\n\n<condition_checking_guide>\nCRITICAL: Understanding Kubernetes/OpenShift Conditions\n\nConditions have TWO important fields you MUST check:\n- **type**: The name of the condition (e.g., \"Failing\", \"Available\", \"Progressing\", \"Upgradeable\", \"Recommended\")\n- **status**: The state of the condition (ONLY these values: \"True\", \"False\", or \"Unknown\")\n**MANDATORY CHECKING PROCESS:**\nFor EVERY condition you analyze, you MUST:\n1. First, locate the condition by its type field.\n2. Second, read the EXACT value of the status field.\n3. Third, interpret based ONLY on the status field value:\n   - If status=\"True\" → The condition IS active/present.\n   - If status=\"False\" → The condition is NOT active/NOT present.\n   - If status=\"Unknown\" → The condition state is uncertain.\n**DO NOT report a problem unless status=\"True\" for negative conditions\
+      \ OR status=\"False\" for positive conditions!**\n**Critical Examples - MEMORIZE THESE:**\nClusterVersion / ClusterOperator / general:\n- {type: \"Failing\", status: \"False\"} → Cluster is NOT failing → NO PROBLEM\n- {type: \"Failing\", status: \"True\"} → Cluster IS failing → PROBLEM\n- {type: \"Available\", status: \"True\"} → Component IS available → NO PROBLEM\n- {type: \"Available\", status: \"False\"} → Component is NOT available → PROBLEM\n- {type: \"Degraded\", status: \"False\"} → NOT degraded → NO PROBLEM\n- {type: \"Degraded\", status: \"True\"} → IS degraded → PROBLEM\n- {type: \"Upgradeable\", status: \"True\"} or absent → Upgrades allowed → NO PROBLEM\n- {type: \"Upgradeable\", status: \"False\"} → Upgrades BLOCKED → PROBLEM (read message/reason)\n- {type: \"Progressing\", status: \"True\"} → Currently changing state. Only a problem if stuck (check lastTransitionTime and message for errors).\n- {type: \"RetrievedUpdates\", status: \"True\"} → Update service healthy →\
+      \ NO PROBLEM\n- {type: \"RetrievedUpdates\", status: \"False\"} → Cannot reach update service → PROBLEM\n- {type: \"ReleaseAccepted\", status: \"True\"} → Release image accepted → NO PROBLEM\n- {type: \"ReleaseAccepted\", status: \"False\"} → Release image rejected (signature/manifest issue) → PROBLEM\n- {type: \"ImplicitlyEnabledCapabilities\", status: \"False\"} → No capability surprise → NO PROBLEM\n- {type: \"ImplicitlyEnabledCapabilities\", status: \"True\"} → Disabled capability was implicitly enabled → INFORMATIONAL/WARNING\nConditional update entries (status.conditionalUpdates[].conditions[]):\n- {type: \"Recommended\", status: \"True\"} → Update IS recommended for this cluster → SAFE\n- {type: \"Recommended\", status: \"False\"} → Update has KNOWN RISK matching this cluster → REPORT RISK (name, message, url)\n- {type: \"Recommended\", status: \"Unknown\"} → CVO still evaluating → INFORMATIONAL\nNode conditions:\n- {type: \"Ready\", status: \"True\"} → Node is ready → NO PROBLEM\n\
+      - {type: \"Ready\", status: \"False\"} or \"Unknown\" → Node NotReady → PROBLEM (will block drain/upgrade on that node)\n- {type: \"MemoryPressure\", status: \"True\"} → Memory pressure → PROBLEM\n- {type: \"DiskPressure\", status: \"True\"} → Disk pressure → PROBLEM (often blocks image pulls during upgrade)\n- {type: \"PIDPressure\", status: \"True\"} → PID pressure → PROBLEM\n- {type: \"NetworkUnavailable\", status: \"True\"} → Network unavailable → PROBLEM\nMachineConfigPool conditions:\n- {type: \"Updated\", status: \"True\"} → Pool is at desired config → NO PROBLEM\n- {type: \"Updated\", status: \"False\"} → Pool not yet updated. Only a problem if stuck or paused inappropriately.\n- {type: \"Updating\", status: \"True\"} → Pool currently rolling. Acceptable mid-upgrade; problem if stuck for hours.\n- {type: \"Degraded\", status: \"True\"} → Pool degraded → PROBLEM (blocks further node updates)\n- {type: \"NodeDegraded\", status: \"True\"} → A node in pool failed config apply →\
+      \ PROBLEM\n- {type: \"RenderDegraded\", status: \"True\"} → Could not render config → PROBLEM (blocks any update for the pool)\n**VERIFICATION REQUIREMENT:**\nBefore making ANY conclusion about a condition, you MUST internally state:\n\"Condition type='X' has status='Y'\" and then interpret it correctly.\n**NEVER assume a condition is true just because the type exists - ALWAYS check the status field!**\n**The presence of a condition type does NOT mean it is active - check the status field!**\n</condition_checking_guide>\n\n<critical_analysis_requirements>\n### 1. Available Updates and Conditional Updates Analysis\n**Available updates (status.availableUpdates):**\n- Count EXACTLY how many items are in status.availableUpdates array.\n- For each entry, extract: version, image, channels[], url (errata).\n- Identify the latest recommended z-stream and the latest recommended y-stream (if any).\n**Conditional updates (status.conditionalUpdates) — REQUIRED:**\n- Count EXACTLY how many items\
+      \ are in status.conditionalUpdates array.\n- For each conditional update, locate the conditions[] entry with type=\"Recommended\":\n  - If status=\"False\": the cluster matches a known risk for this target. Extract:\n    - Target release.version and release.image\n    - The reason and message from the Recommended condition\n    - All risks[] entries: name, message, url (Red Hat KCS or bug link)\n  - If status=\"Unknown\": CVO has not finished evaluating risks yet — note as informational.\n  - If status=\"True\": cluster does NOT match any risk for this target — treat as effectively recommended.\n- Conditional update presence with Recommended=False is NOT itself an upgrade blocker, but it IS a risk the administrator must explicitly accept; surface it prominently.\n\n### 2. ClusterVersion Conditions - VERIFICATION REQUIRED\nFor each of the following, locate the condition in status.conditions[], read the status field, and interpret per <condition_checking_guide>. Quote the actual reason\
+      \ and message if reporting a problem.\na) **Failing**: status=\"True\" → reconciliation failure, report reason and message.\nb) **Upgradeable**: status=\"False\" → upgrades are explicitly blocked; report reason and message verbatim. Common reasons include AdminAckRequired, MultipleReasons, operator-specific reasons.\nc) **Available**: status=\"False\" → cluster operationally impaired.\nd) **Progressing**: status=\"True\" AND not currently in an admin-initiated upgrade → may indicate a stuck reconciliation.\ne) **RetrievedUpdates**: status=\"False\" → Cincinnati/update service unreachable; cluster cannot discover updates.\nf) **ReleaseAccepted**: status=\"False\" → desired release image was rejected (signature verification, manifest validation, or image pull failure).\ng) **ImplicitlyEnabledCapabilities**: status=\"True\" → a capability disabled in spec was implicitly enabled; surface as informational warning.\n\n### 3. Admin-Ack Gate Analysis (CRITICAL FOR MINOR UPGRADES)\nOpenShift\
+      \ requires administrators to acknowledge specific upgrade gates before minor-version upgrades. CVO sets Upgradeable=False with reason=AdminAckRequired until all applicable gates are acknowledged.\nProcedure:\n- Read keys from ConfigMap admin-gates in namespace openshift-config-managed. These are the gate keys the cluster's components have declared (example key shape: ack-4.13-kube-1.27-api-removals-in-4.14).\n- Read keys from ConfigMap admin-acks in namespace openshift-config. An acknowledgement is valid only if the value is the literal string \"true\".\n- For each key in admin-gates:\n  - If the same key exists in admin-acks with value \"true\" → ACKNOWLEDGED.\n  - If missing OR value is anything other than \"true\" → NOT ACKNOWLEDGED, and minor upgrade is blocked until administrator runs:\n    'oc -n openshift-config patch cm admin-acks --patch '{\"data\":{\"<gate-key>\":\"true\"}}' --type=merge'\n- Report each unacknowledged gate by its exact key name. Do NOT invent gate keys; only\
+      \ report what is actually present in admin-gates.\n- If admin-gates is empty or absent → no current admin-ack gates apply.\n- If either ConfigMap is unreadable, note it explicitly and indicate that gate state cannot be confirmed.\n\n### 4. ClusterOperator Health Check (per-operator condition matrix)\nFor each ClusterOperator, check status.conditions[]. Report as upgrade-impacting only when status fields match these patterns:\n- Available=False → BLOCKER. Operator is down, will block its phase of the upgrade.\n- Degraded=True → WARNING/POTENTIAL BLOCKER. Operator is reconciling with errors. If Available=True, upgrade may still proceed but with risk; if Available=False as well, treat as blocker.\n- Upgradeable=False → BLOCKER for minor (and sometimes z-stream) upgrades. Report exact reason and message.\n- Progressing=True for an extended period (no admin-initiated upgrade in flight) with error messages → POTENTIAL BLOCKER (stuck reconciliation).\n**Pay special attention to these critical\
+      \ operators** (failures here are upgrade-blocking by nature):\n- cluster-version (the CVO itself)\n- etcd — quorum and member health gate the entire control plane upgrade\n- kube-apiserver, kube-controller-manager, kube-scheduler — revision rollouts must converge before next phase\n- openshift-apiserver\n- machine-config — drives node-side updates\n- machine-api — provisions/replaces nodes\n- authentication\n- network — SDN/OVN health is required for any rolling reboot\n- dns\n- ingress\n- monitoring\n- image-registry\n- storage and any CSI driver operators\nFor each problematic operator, report: name, the failing condition (type and status), the reason, and the message.\n\n### 5. MachineConfigPool Status (Node Rollout Readiness)\nFor each MachineConfigPool (focus on master and worker, plus any custom pools):\n- spec.paused == true → Pool is paused. Paused master pool is almost always wrong. Paused worker pool is acceptable only as part of a documented EUS upgrade workflow; flag it\
+      \ for administrator awareness because paused pools block node-level updates and inhibit certificate rotation.\n- status.conditions[]:\n  - Degraded=True → BLOCKER for that pool's node updates. Report message.\n  - NodeDegraded=True → BLOCKER. A node in the pool failed to apply config; identify the node from the message.\n  - RenderDegraded=True → BLOCKER. The MCO cannot render a valid config for the pool.\n  - Updated=False AND Updating=False → Pool has pending changes but is not progressing — investigate.\n- Configuration drift: If status.observedGeneration != metadata.generation, the pool is behind; mention if the gap is significant.\n- status.machineCount, status.readyMachineCount, status.updatedMachineCount, status.degradedMachineCount — report if degradedMachineCount > 0 or if readyMachineCount < machineCount outside an active upgrade.\n\n### 6. Node Health and Resource Pressure\na) **Node Readiness and Pressure** (per Node, from status.conditions):\n   - Ready=False or Ready=Unknown\
+      \ → BLOCKER. The node cannot drain, reboot, and rejoin during a rolling update. Report node name and the condition's reason and message.\n   - MemoryPressure=True → BLOCKER/WARNING. Pods will be evicted and reschedule may not converge during upgrade surge; flag node name.\n   - DiskPressure=True → BLOCKER. Image pulls for new release content will fail. Flag node name and check /var/lib/containers if message indicates.\n   - PIDPressure=True → BLOCKER.\n   - NetworkUnavailable=True → BLOCKER.\n   - spec.unschedulable=true (cordoned) outside an active drain → flag for administrator awareness.\nb) **Resource Utilization** (using nodes_top, optional):\n   - Flag any node with CPU usage > 90% or memory usage > 90%.\n   - Explain impact: Rolling upgrades require surge capacity (control-plane revisions roll one node at a time; worker pools drain one node at a time). Saturated nodes can prevent successful drain and pod rescheduling.\n   - For control-plane nodes, memory pressure is especially\
+      \ impactful because etcd is sensitive to I/O contention.\n\n### 7. PodDisruptionBudget Analysis (User Workload Drain Blockers)\nPDBs become upgrade-relevant because the MachineConfigOperator drains worker nodes one at a time during rolling updates. A PDB that does not allow eviction will block the drain indefinitely.\nProcedure:\n- Query PDBs in ALL namespaces EXCEPT OpenShift system namespaces:\n  - All namespaces with prefix openshift-\n  - All namespaces with prefix kube-\n  - Namespaces default and openshift\n- For each remaining (user workload) PDB, evaluate as a drain blocker if ANY of the following are true:\n  - status.disruptionsAllowed == 0 AND status.currentHealthy <= status.desiredHealthy (eviction blocked right now)\n  - spec.minAvailable equals 100% (or equals status.expectedPods) — no pod can be evicted\n  - spec.maxUnavailable == 0 — explicitly forbids any disruption\n  - The PDB selector matches zero pods (status.expectedPods == 0) AND minAvailable >= 1 — misconfigured,\
+      \ will block drain\n- For each problematic PDB, report: namespace, name, the offending field, and status.disruptionsAllowed.\n- Ignore all PDBs in OpenShift system namespaces — these are managed by Red Hat.\n- If no problematic user workload PDBs exist, state \"No problematic user workload PDBs found\".\n\n### 8. Update Path Validation\na) **Channel correctness**:\n   - Read spec.channel (e.g., stable-4.21, fast-4.21, eus-4.18).\n   - Check status.desired.channels[] for channels available for the current version.\n   - If spec.channel is not present in status.desired.channels AND RetrievedUpdates=False, the channel may be invalid for this version — flag it.\nb) **Skip-level detection**:\n   - Examine status.history[0].version (current) vs any administrator-mentioned target.\n   - OpenShift does NOT support skipping minor versions (e.g., 4.18 → 4.20 directly). Upgrades must go through each intermediate minor, except via the EUS-to-EUS path where worker pools are paused.\n   - If the\
+      \ latest available update or conditional update is more than one minor ahead of the current version, surface this as an informational note about path constraints.\nc) **EUS path indicators**:\n   - If spec.channel starts with eus-, note that the cluster is on the EUS path and that worker MCP pause/unpause is part of the workflow.\n\n### 9. Deprecated API Usage (Affects Minor Upgrades)\nIf the APIRequestCount resource is available on this cluster (apiserver.openshift.io/v1):\n- List APIRequestCount objects.\n- For each, read status.removedInRelease. If a removal release is set AND the upcoming minor target matches or exceeds it:\n  - Read status.currentHour.byUser[] and status.last24h[].byUser[] to identify which clients are still calling the API.\n  - Report: API name (e.g., flowschemas.v1beta2.flowcontrol.apiserver.k8s.io), removedInRelease, and a deduplicated list of top callers (username and userAgent).\n- If no deprecated APIs are in use OR none are removed by the target release\
+      \ → state so explicitly.\n- If APIRequestCount is unavailable, skip with a note.\n\n### 10. Pending CertificateSigningRequests\nDuring upgrades, nodes that reboot must have their kubelet client and serving certificates approved. A backlog of pending CSRs can prevent nodes from rejoining the cluster.\n- List CertificateSigningRequest objects.\n- Filter to those with no Approved condition AND no Denied condition (i.e., still pending) OR with status.certificate empty.\n- Group by spec.signerName (e.g., kubernetes.io/kube-apiserver-client-kubelet, kubernetes.io/kubelet-serving).\n- If 5 or more node-related CSRs are pending, flag as a node rejoin risk and report counts and signer names.\n- Pending CSRs unrelated to nodes (custom signers) can be ignored unless explicitly tied to upgrade workflows.\n\n### 11. MachineHealthCheck Status\nActive MachineHealthChecks can interfere with upgrades by remediating nodes that are intentionally drained or rebooted as part of the upgrade. Red Hat documentation\
+      \ recommends pausing MHCs during upgrades.\n- List MachineHealthChecks.\n- For each, check metadata.annotations[\"cluster.x-k8s.io/paused\"] or metadata.annotations[\"machine.openshift.io/cluster-api-cluster\"] paused-style annotations. Different OCP versions use different paused annotations; if any pause annotation is present, treat as paused.\n- Report MHCs that are NOT paused and target node sets that will roll during the upgrade — surface as a recommendation, not a blocker.\n\n### 12. OLM Subscription Health (Layered Operators)\nLayered operators installed via OLM must be on a channel/version compatible with the target OpenShift release before upgrade.\n- List Subscriptions.\n- For each Subscription, examine status.conditions[]:\n  - CatalogSourcesUnhealthy=True → operator catalog cannot be reached (will block any operator updates)\n  - InstallPlanFailed=True or ResolutionFailed=True → operator cannot install/update; flag the operator\n  - InstallPlanPending=True AND not progressing\
+      \ → manual approval may be required before upgrade\n- Report by namespace and Subscription name. Do not flag healthy Subscriptions.\n\n### 13. Cluster Capabilities Assessment\n- Extract enabled capabilities from status.capabilities.enabledCapabilities.\n- Extract known capabilities from status.capabilities.knownCapabilities.\n- Disabled capabilities = known minus enabled. Note these.\n- If ImplicitlyEnabledCapabilities=True, surface that the upgrade target implicitly enables a capability that was disabled in spec.capabilities.\n- Capabilities themselves are rarely upgrade blockers, but capability transitions can change which operators are reconciled.\n\n### 14. Cincinnati Update Service Health\n- spec.upstream: if set, the cluster uses a custom update service; if unset, default Red Hat update service is used.\n- Verify RetrievedUpdates condition: status, lastTransitionTime, message.\n- If status.availableUpdates is empty AND RetrievedUpdates=True → cluster is on the latest known version\
+      \ in its channel.\n- If status.availableUpdates is empty AND RetrievedUpdates=False → update discovery is broken.\n- spec.clusterID: report for telemetry context.\n- spec.signatureStores: if present, custom signature stores are configured (relevant for disconnected clusters and ReleaseAccepted failures).\n\n### 15. Cluster Version History Context\n- Initial version: status.history[] last entry (oldest).\n- Most recent completed upgrade: most recent status.history[] entry with state=\"Completed\".\n- Any state=\"Partial\" entries indicate failed or interrupted upgrades — surface them.\n- Cluster age: derive from oldest history entry's startedTime or completionTime.\n\n### 16. Configuration Overrides\n- Review spec.overrides[]. Each entry with unmanaged=true means the CVO will not reconcile that resource.\n- Overrides are not upgrade blockers per se, but they can mask drift and cause post-upgrade inconsistencies. Surface any overrides as informational.\n\n### 17. Recent Events Analysis\
+      \ (Upgrade-Relevant Only)\n- Query events from last 30 minutes, type Warning or higher.\n- Restrict to upgrade-relevant namespaces: openshift-cluster-version, openshift-machine-config-operator, openshift-etcd, openshift-kube-apiserver, openshift-apiserver, openshift-authentication, openshift-network-operator, openshift-monitoring.\n- Group by reason and involvedObject to avoid noise.\n- Translate technical reasons into plain language:\n  - ImagePullBackOff → \"Operator pod cannot pull its container image — check registry connectivity or pull secrets\"\n  - FailedScheduling → \"Operator pod cannot be scheduled — check node taints, resources, or selectors\"\n  - Unhealthy (for etcd) → \"etcd member health check failing — investigate before upgrading\"\n- Skip events unrelated to upgrade readiness.\n\n### 18. Active Alerts (Optional)\nIf get_alerts is available:\n- Focus on severity=critical and severity=warning.\n- Prioritize alerts whose names indicate upgrade impact, including but\
+      \ not limited to: ClusterNotUpgradeable, ClusterOperatorDown, ClusterOperatorDegraded, KubeAPIDown, etcdMembersDown, etcdInsufficientMembers, KubePersistentVolumeFillingUp, NodeFilesystemSpaceFillingUp, KubeNodeNotReady, MachineConfigDaemonReboot-style alerts.\n- Translate each fired alert into an actionable recommendation.\n- If get_alerts is unavailable, skip this section.\n</critical_analysis_requirements>\n\n<output_format>\n## Summary\n**Update Service Health**\n- **Cincinnati Service**: [spec.upstream URL if configured, otherwise \"Default Red Hat update service\"]\n- **Service Status**: [RetrievedUpdates condition status and message]\n- **Last Update Check**: [From RetrievedUpdates condition lastTransitionTime]\n- **Update Channel**: [Current spec.channel]\n- **Channel Validity**: [Confirmed valid for current version, or flagged as not in status.desired.channels]\n- **Cluster ID**: [spec.clusterID]\n**Cluster History Context**\n- **Initial Version**: [First entry from status.history\
+      \ with date]\n- **Upgrade Path**: [Recent version progression from history]\n- **Last Completed Upgrade**: [Most recent Completed entry with timeframe]\n- **Partial/Failed Upgrade History**: [Any Partial entries, otherwise \"None\"]\n- **Cluster Age**: [Time since initial installation]\n**Available Updates**\n- **Recommended Updates**: [Count from status.availableUpdates with versions]\n- **Conditional Updates**: [Count from status.conditionalUpdates]\n- **Conditional Update Risk Analysis**: For each conditional update with Recommended=False, list:\n  - Target version, risk name, risk message, reference URL\n  - Otherwise: \"No conditional update risks apply to this cluster\"\n**Upgrade Readiness Assessment**\n\nYOU MUST explicitly state the status field value for each condition you check.\n**ClusterVersion Conditions:**\n- **Failing**: [type=\"Failing\" found with status=\"X\"] → [interpretation]\n- **Upgradeable**: [type=\"Upgradeable\" found with status=\"X\" OR not found] → [interpretation,\
+      \ including reason and message if status=\"False\"]\n- **Available**: [type=\"Available\" found with status=\"X\"] → [interpretation]\n- **Progressing**: [type=\"Progressing\" found with status=\"X\"] → [interpretation; only flag if stuck and not in admin-initiated upgrade]\n- **RetrievedUpdates**: [status=\"X\"] → [interpretation]\n- **ReleaseAccepted**: [status=\"X\"] → [interpretation]\n- **ImplicitlyEnabledCapabilities**: [status=\"X\"] → [interpretation]\n**Admin-Ack Gates (Minor Upgrade Prerequisite):**\n- **Defined Gates** (from openshift-config-managed/admin-gates): [list of keys, or \"None\"]\n- **Acknowledged** (from openshift-config/admin-acks with value \"true\"): [list of keys]\n- **Outstanding Gates Blocking Minor Upgrade**: [list of keys not acked, or \"None — all gates satisfied\"]\n- **Action**: For each outstanding gate, provide the exact oc patch command using the actual key name.\n**ClusterOperator Health:**\n- **Total Operators**: [count]\n- **Operators With Issues**:\
+      \ For each problematic operator, report:\n  - Name\n  - Failing condition (type and status)\n  - Reason and message\n- If none: \"All ClusterOperators report Available=True, Degraded=False, Upgradeable=True\"\n**Infrastructure Health:**\n- **MachineConfigPools**: For each pool, report state. Flag Degraded=True, NodeDegraded=True, RenderDegraded=True, paused=true, or readyMachineCount < machineCount outside active upgrade.\n- **Node Status**: Count of NotReady nodes with names and reasons. Count of nodes with MemoryPressure/DiskPressure/PIDPressure/NetworkUnavailable.\n- **Resource Pressure**: From nodes_top, list nodes with >90% CPU or memory.\n- **Pending CSRs**: Count and signer names if 5 or more pending node-related CSRs.\n- **MachineHealthChecks**: Count of unpaused MHCs (informational recommendation).\n- **User Workload PDBs**: Count of problematic non-OpenShift PDBs that could block node draining, with namespace/name and the offending field.\n**Deprecated API Usage:**\n- **Deprecated\
+      \ APIs Removed In Target**: For each, report API name, removedInRelease, and top callers (username/userAgent).\n- If none or APIRequestCount unavailable: state explicitly.\n**Layered Operator Health (OLM):**\n- **Subscriptions With Issues**: For each, namespace and Subscription name with the failing condition (CatalogSourcesUnhealthy, InstallPlanFailed, ResolutionFailed, etc.).\n- If none: \"All Subscriptions healthy\"\n**Recent Events** (Last 30 minutes, upgrade-relevant namespaces):\n- **Critical Events**: Count and grouped descriptions.\n- **Warning Events**: Count and grouped descriptions.\n- **User-Friendly Summary**: Translate technical events into plain language.\n- If none: \"No recent errors or warnings detected in upgrade-relevant components\"\n**Active Alerts** (if available):\n- **Critical Alerts**: Count and names.\n- **Warning Alerts**: Count and names.\n- **Impact on Upgrade**: For each, explain effect on upgrade readiness.\n- If unavailable: skip section.\n**Configuration:**\n\
+      - **Overrides**: Any spec.overrides entries with unmanaged=true.\n- **Capabilities**: Enabled count, disabled-but-known count with names, ImplicitlyEnabledCapabilities note if applicable.\n**Final Assessment:**\nBased ONLY on issues identified above:\n- If no upgrade-blocking conditions and no unaccepted conditional risks: \"Cluster appears ready for upgrade.\"\n- If only conditional update risks or warnings (no hard blockers): \"Cluster can upgrade after administrator review of: [list]. No hard blockers.\"\n- If hard blockers present: \"Upgrade blocked — must resolve [list of specific blockers] first.\"\nA \"hard blocker\" means at least one of:\n- ClusterVersion Upgradeable=False\n- ClusterVersion Failing=True\n- ClusterVersion ReleaseAccepted=False\n- Any ClusterOperator with Available=False or Upgradeable=False\n- Any MachineConfigPool with Degraded=True, NodeDegraded=True, or RenderDegraded=True\n- Any node with Ready=False (other than transient and self-recovering)\n- Any user-workload\
+      \ PDB blocking eviction (disruptionsAllowed=0 with no surge capacity)\n- Outstanding admin-ack gate (only blocks minor upgrades, not z-stream)\n- Deprecated API in active use that is removed in target minor\n## TL;DR\n- **Current Version**: 4.21.14\n- **Available Updates**: [count from status.availableUpdates]\n- **Latest Recommended Update**: [version with channels]\n- **Conditional Updates**: [count] ([N with Recommended=False risks applying to this cluster])\n- **Update Channel**: [current spec.channel] ([valid / not in status.desired.channels])\n- **Channel Options**: [available channels for current version]\n- **Capabilities**: [enabled count / disabled count with names]\n- **Initial Version**: [from history with date]\n- **Last Upgrade**: [most recent completed upgrade with date]\n- **Cincinnati Health**: [service status with timestamp]\n- **Admin-Ack Gates**: [satisfied | N outstanding: list of keys]\n- **Upgrade Blocked**: [Yes | No — only \"Yes\" if a hard blocker per definition\
+      \ above is present]\n- **Upgrade Blockers**: [specific list with status field values, or \"No blockers\"]\n- **Conditional Risks To Acknowledge**: [risk names with target versions, or \"None\"]\n- **Unhealthy ClusterOperators**: [count and names with the failing condition]\n- **Degraded MCPs**: [count and names with failing condition]\n- **Paused MCPs**: [names if any]\n- **Node Issues**: [count of NotReady or pressure-affected nodes with names]\n- **Resource Pressure**: [nodes with >90% CPU or memory]\n- **User Workload PDBs Blocking Drain**: [count with namespace/name]\n- **Pending Node CSRs**: [count if >= 5, else omit or \"None significant\"]\n- **Deprecated APIs In Use**: [count removed in target, with API names]\n- **Layered Operator Issues**: [count of unhealthy Subscriptions]\n- **Recent Events**: [count of upgrade-relevant errors/warnings in last 30 min]\n- **Active Alerts**: [count of critical/warning, skip if unavailable]\n- **Configuration Issues**: [overrides or capability\
+      \ concerns]\n- **Recommendation**: [Proceed with upgrade | Address warnings first | Blocked — resolve listed issues]\n</output_format>\n"
+    expected_response: "## Summary\n**Update Service Health**\n- **Cincinnati Service**: Default Red Hat update service\n- **Service Status**: RetrievedUpdates condition status: True\n- **Last Update Check**: 2026-06-18 08:21:46 UTC\n- **Update Channel**: stable-4.21\n- **Channel Validity**: Confirmed valid for current version\n- **Cluster ID**: 9e243f71-6021-4104-b7e2-62121afead38\n\n**Cluster History Context**\n- **Initial Version**: 4.21.14 (2026-05-13)\n- **Upgrade Path**: 4.21.14 → 4.21.19\n- **Last Completed Upgrade**: 4.21.14 (2026-05-13)\n- **Partial/Failed Upgrade History**: None\n- **Cluster Age**: 36 days\n\n**Available Updates**\n- **Recommended Updates**: 5\n- **Conditional Updates**: 0\n- **Conditional Update Risk Analysis**: No conditional update risks apply to this cluster\n\n**Upgrade Readiness Assessment**\n**ClusterVersion Conditions:**\n- **Failing**: type=\"Failing\" found with status=\"False\" → Cluster is NOT failing\n- **Upgradeable**: type=\"Upgradeable\" not found\
+      \ → Upgrades allowed\n- **Available**: type=\"Available\" found with status=\"True\" → Component IS available\n- **Progressing**: type=\"Progressing\" found with status=\"False\" → Cluster is NOT progressing\n- **RetrievedUpdates**: status=\"True\" → Update service healthy\n- **ReleaseAccepted**: status=\"True\" → Release image accepted\n- **ImplicitlyEnabledCapabilities**: status=\"True\" → A capability disabled in spec was implicitly enabled\n\n**Admin-Ack Gates (Minor Upgrade Prerequisite):**\n- **Defined Gates** (from openshift-config-managed/admin-gates): None\n- **Acknowledged** (from openshift-config/admin-acks with value \"true\"): None\n- **Outstanding Gates Blocking Minor Upgrade**: None — all gates satisfied\n\n**ClusterOperator Health:**\n- **Total Operators**: 28\n- **Operators With Issues**: All ClusterOperators report Available=True, Degraded=False, Upgradeable=True\n\n**Infrastructure Health:**\n- **MachineConfigPools**: \n  - master: Updated=True, Updating=False, Degraded=False\n\
+      \  - worker: Updated=True, Updating=False, Degraded=False\n- **Node Status**: 0 NotReady nodes\n- **Resource Pressure**: None\n- **Pending CSRs**: None significant\n- **MachineHealthChecks**: 0 unpaused MHCs\n- **User Workload PDBs Blocking Drain**: 1 (openshift-image-registry, minAvailable=0)\n\n**Deprecated API Usage:**\n- **Deprecated APIs Removed In Target**: None\n\n**Layered Operator Issues:**\n- **Subscriptions With Issues**: All Subscriptions healthy\n\n**Recent Events** (Last 30 minutes, upgrade-relevant namespaces):\n- **Critical Events**: 1 (FailedScheduling for cluster-version-operator)\n- **Warning Events**: 0\n- **User-Friendly Summary**: \"Cluster version operator pod could not be scheduled due to port availability.\"\n\n**Active Alerts**: None available\n\n**Configuration Issues:**\n- **Overrides**: None\n- **Capabilities**: 10 enabled, 0 disabled\n\n**Recommendation**: Cluster appears ready for upgrade.\n\n## TL;DR\n- **Current Version**: 4.21.14\n- **Available Updates**:\
+      \ 5\n- **Latest Recommended Update**: 4.21.19 (channels: candidate-4.21, fast-4.21, stable-4.21)\n- **Conditional Updates**: 0 (None)\n- **Update Channel**: stable-4.21 (valid)\n- **Channel Options**: candidate-4.21, fast-4.21, stable-4.21\n- **Capabilities**: 10 enabled / 0 disabled\n- **Initial Version**: 4.21.14 (2026-05-13)\n- **Last Upgrade**: 4.21.14 (2026-05-13)\n- **Cincinnati Health**: Service healthy\n- **Admin-Ack Gates**: Satisfied\n- **Upgrade Blocked**: No\n- **Upgrade Blockers**: None\n- **Conditional Risks To Acknowledge**: None\n- **Unhealthy ClusterOperators**: 0\n- **Degraded MCPs**: 0\n- **Paused MCPs**: None\n- **Node Issues**: 0\n- **Resource Pressure**: None\n- **User Workload PDBs Blocking Drain**: 1 (openshift-image-registry, minAvailable=0)\n- **Pending Node CSRs**: None significant\n- **Deprecated APIs In Use**: 0\n- **Layered Operator Issues**: 0\n- **Recent Events**: 1 critical event\n- **Active Alerts**: None\n- **Configuration Issues**: None"
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:output_format_compliance
+    - geval:technical_accuracy
+- conversation_group_id: conv_799
+  tag: cluster-updates-scenarios
+  turns:
+  - turn_id: turn_001
+    query: "# OpenShift Cluster Upgrade Pre-Check Analysis\n\n<constraints>\n- LANGUAGE REQUIREMENT: Respond in English. All analysis, explanations, recommendations, and text must be in English.\n\n- YOU MUST ALWAYS CALL THE TOOLS TO GET THE INFORMATION. YOU SHOULD NEVER TREAT DATA FROM EXAMPLES AS REAL DATA.\n- YOU MUST ALWAYS REFERENCE REAL DATA FROM TOOL CALLS. IF REAL DATA IS NOT AVAILABLE, NOTIFY THE USER AND REFUSE TO ANSWER USING INCORRECT DATA BUT DO NOT USE PLACEHOLDER OR DUMMY DATA.\n**CRITICAL: Timeout and Error Handling**\n**Timeout Awareness:**\n- You have a 60-second timeout - manage your time wisely\n- Prioritize essential data (ClusterVersion, ClusterOperators) first\n- Track execution time and stop making new tool calls after 50 seconds\n- Provide analysis with available data rather than timing out trying to fetch everything\n**Error Handling Rules:**\n1. **Be specific about which tool failed**- don't give generic \"cannot retrieve data\" messages\n2. **Explain what data\
+      \ you're missing**- e.g., \"Unable to fetch ClusterVersion resource\" vs \"Unable to retrieve data\"\n3. **Try alternative approaches**:\n - If resources_list fails for all ClusterOperators, note this specifically\n - If nodes_top fails, continue with other analysis - it's optional\n - If get_alerts fails, skip it - alerts are optional\n - If events_list fails, continue without event data\n4. **Provide partial analysis** - If you get ClusterVersion but not operators, analyze what you have\n5. **Give actionable troubleshooting**when tools fail:\n - Check if OpenShift MCP server is running: 'oc get pods -n openshift-lightspeed'\n - Verify cluster connectivity\n - Suggest checking MCP server logs for specific errors\n6. **NEVER give up completely**- Always provide SOME analysis even with partial data\n**Tool Call Priority to Avoid Timeouts:**\n**PHASE 1 - ESSENTIAL (Always fetch):**\n1. resources_get: ClusterVersion (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterVersion\", name:\
+      \ \"version\")\n2. resources_list: ClusterOperator (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterOperator\")\n**PHASE 2 - IMPORTANT (Fetch if time permits, under 45 seconds total):**\n3. resources_list: Node (apiVersion: \"v1\", kind: \"Node\") - Quick check for NotReady nodes\n4. events_list: Get recent warning/error events from last 30 minutes - High value for diagnostics\n**PHASE 3 - OPTIONAL (Only if under 50 seconds total):**\n5. resources_list: MachineConfigPool (apiVersion: \"machineconfiguration.openshift.io/v1\", kind: \"MachineConfigPool\")\n6. nodes_top: Check node CPU/memory usage\n7. resources_list: PodDisruptionBudget (apiVersion: \"policy/v1\", kind: \"PodDisruptionBudget\") - Filter out openshift-*, kube-*\n8. get_alerts: Check for critical/warning alerts\n**CRITICAL EFFICIENCY RULES:**\n- If approaching 50 seconds of execution time, STOP making new tool calls and provide analysis with data collected\n- NEVER let total execution exceed 55 seconds to avoid\
+      \ timeout\n- Prioritize breadth over depth: Get ClusterVersion + ClusterOperators fully before diving into logs/events\n- Skip optional data if essential data took longer than expected\n\n- NEVER use placeholder or dummy data - only reference real data from tool calls\n- ONLY report issues that are actually present in the data\n- ONLY OUTPUT the Summary and TL;DR sections\n- Be specific about the source of any issues identified\n- CRITICAL: When counting available updates, count ALL array elements in status.availableUpdates\n- CRITICAL: Check status.conditionalUpdates for ALL versions from 4.21.16 to 4.21.22 (inclusive)\n- CRITICAL: Analyze the COMPLETE upgrade path, not just the target version - intermediate versions matter!\n</constraints>\n\n<context>\nThis is a pre-upgrade analysis for OpenShift cluster upgrade from 4.21.16 to 4.21.22. You have complete cluster data including ClusterVersion and all ClusterOperator resources to analyze the feasibility and safety of this specific\
+      \ upgrade.\n\n**CRITICAL UPGRADE PATH ANALYSIS**: You must analyze ALL conditional update risks for every version between 4.21.16 and 4.21.22 (inclusive). This includes intermediate versions that may be part of the upgrade path. For example, if upgrading from 4.21.16 to 4.21.22, you must check for risks at 4.21.17, 4.21.18, 4.21.19, 4.21.20, 4.21.21, and 4.21.22. Users need to know about ALL risks they will encounter in the upgrade journey, not just risks at the final target version.\n</context>\n\n<condition_checking_guide>\nCRITICAL: Understanding Kubernetes/OpenShift Conditions\n\nConditions have TWO important fields you MUST check:\n- **type**: The name of the condition (e.g., \"Failing\", \"Available\", \"Progressing\")\n- **status**: The state of the condition (\"True\", \"False\", or \"Unknown\")\n\n**How to Correctly Check Conditions:**\n- A condition is TRUE when: type=\"X\" AND status=\"True\"\n- A condition is FALSE when: type=\"X\" AND status=\"False\"\n- A condition is\
+      \ UNKNOWN when: type=\"X\" AND status=\"Unknown\"\n\n**Examples:**\n- {type: \"Failing\", status: \"False\"} means the cluster is NOT failing (healthy)\n- {type: \"Failing\", status: \"True\"} means the cluster IS failing (problem)\n- {type: \"Upgradeable\", status: \"False\"} means upgrades are blocked (problem)\n- {type: \"Upgradeable\", status: \"True\"} means upgrades are allowed (healthy)\n**NEVER assume a condition is true just because the type exists - ALWAYS check the status field!**\n</condition_checking_guide>\n\n<critical_analysis_requirements>\n\n1. **Target Version Verification** (PRIORITY):\n - Look in status.availableUpdates array for 4.21.22\n - If found, extract its channels, url, and image information\n - If NOT found, report \"4.21.22 is not available for upgrade\"\n\n1a. **Conditional Updates Risk Analysis - All Risks Up to Target Version**:\n - **CRITICAL**: Analyze ALL conditional updates from 4.21.16 up to and including 4.21.22\n - **Version Range**: Parse version\
+      \ numbers to identify which conditional updates fall between current and target\n - **Example**: If current=4.21.16, target=4.21.22, analyze risks for: 4.21.17, 4.21.18, 4.21.19, 4.21.20, 4.21.21, 4.21.22\n - **Why This Matters**: Users may need to upgrade through intermediate versions to reach the target, so ALL risks in the path are relevant\n - For each conditional update in the version range, analyze the conditions array:\n * Look for conditions with type=\"Recommended\" AND status=\"False\" (indicates risks/concerns)\n * Extract risk details from the condition message field\n * Parse URLs in the message for documentation links\n - **Risk Assessment Process** (for each version in range):\n * Identify what triggers the risk (e.g., specific cluster configurations, network plugins)\n * Determine if the risk applies to THIS cluster based on current configuration\n * Assess severity: Does this block the upgrade or just require careful planning?\n * Note which version introduces the\
+      \ risk (important for upgrade path planning)\n - **User-Friendly Risk Explanation**:\n * Translate technical risk messages into plain language\n * Example: \"Recommended=False: OVN network disruption\" → \"This update may cause brief network interruptions (2-5 minutes) if your cluster uses OVN-Kubernetes networking. Plan for a maintenance window.\"\n * Show version where risk appears: \"Risk at 4.21.18: [description]\"\n - **Mitigation Recommendations**:\n * If risk applies: Suggest mitigation steps (maintenance window, backup procedures, etc.)\n * If risk doesn't apply: Clearly state \"This risk does not apply to your cluster\"\n * Provide decision guidance: \"Safe to proceed with caution\" vs \"Address concerns first\"\n - **Presentation Order**: List risks in version order (lowest to highest) to show the upgrade path chronologically\n\n2. **Cluster Upgrade Readiness** (Check BOTH type AND status):\n - Find condition where type=\"Upgradeable\" (may not exist)\n * If found AND status=\"\
+      False\": Report the specific reason - this blocks upgrades\n * If status=\"True\" or missing: Upgrades are allowed\n - Find condition where type=\"Failing\"\n * If found AND status=\"True\": Report details - this indicates problems\n * If status=\"False\" or missing: No failing condition (healthy)\n - Find condition where type=\"Available\"\n * If found AND status=\"False\": Report cluster operational issues\n * If status=\"True\": Cluster is available (healthy)\n\n3. **ClusterOperator Health Check** (Check BOTH type AND status):\n For each ClusterOperator, check conditions:\n - Available: If type=\"Available\" AND status=\"False\" → Operator unavailable (blocker)\n - Degraded: If type=\"Degraded\" AND status=\"True\" → Operator degraded (warning)\n - Upgradeable: If type=\"Upgradeable\" AND status=\"False\" → Blocks upgrades (blocker)\n - Report specific operator names and their issues for problematic conditions only\n - Focus on operators that would block upgrades\n\n4. **Current\
+      \ Cluster Configuration**:\n - Extract spec.channel (current update channel)\n - Extract spec.clusterID\n - Check if spec.upstream is configured (custom Cincinnati server)\n - Note status.conditions RetrievedUpdates condition\n\n5. **User Workload PDB Analysis** (IMPORTANT - Filter System PDBs):\n - Query PodDisruptionBudgets in ALL namespaces EXCEPT these OpenShift system namespaces:\n * openshift-* (all openshift- prefixed namespaces)\n * kube-* (all kube- prefixed namespaces)\n * default, openshift\n - ONLY flag user workload PDBs where:\n * minAvailable >= 1 AND it covers critical user applications\n * maxUnavailable = 0 AND it covers critical user applications\n - IGNORE all PDBs in OpenShift system namespaces - these are managed by Red Hat\n - If no problematic user workload PDBs exist, state \"No problematic user workload PDBs found\"\n\n6. **MachineConfigPool Status** (Check BOTH type AND status):\n For each MachineConfigPool:\n - Check conditions for Degraded: If type=\"Degraded\"\
+      \ AND status=\"True\" → MCP has issues\n - Check conditions for Updated: If type=\"Updated\" AND status=\"False\" → MCP not updated\n - Check spec.paused=true → MCP manually paused (blocks node updates)\n - Check observedGeneration ≠ metadata.generation → Configuration drift\n - Focus on master and worker MCPs which are critical for upgrade success\n - Report specific MCP names and their issues\n\n7. **Node Health and Resource Pressure**:\n a) **Node Readiness:**\n - Check each Node for Ready condition: If type=\"Ready\" AND status=\"False\" → Node not ready (blocker)\n - Check for other node conditions: MemoryPressure, DiskPressure, PIDPressure (status=\"True\" is problem)\n - Report NotReady nodes with their conditions and reasons\n\n b) **Resource Utilization (using nodes_top):**\n - Check CPU usage: Flag if any node >90% CPU utilization\n - Check memory usage: Flag if any node >90% memory utilization\n - Explain impact: High resource usage can slow upgrades or cause failures\n\
+      \ - Recommend: Consider scaling down workloads before upgrading to 4.21.22 if resources are constrained\n\n8. **Cincinnati Update Service Health**:\n - Check spec.upstream (if configured) or note \"using default Red Hat update service\"\n - Verify status.conditions for type=\"RetrievedUpdates\" status and timestamp\n - Confirm status.availableUpdates or status.conditionalUpdates contains 4.21.22\n - Cluster ID for telemetry (spec.clusterID)\n - Signature verification status (spec.signatureStores if present, otherwise default stores)\n\n9. **Recent Events Analysis** (using events_list):\n - Query recent events from last 30 minutes\n - Focus on Warning and Error type events\n - Filter for upgrade-related namespaces: openshift-cluster-version, openshift-*\n - Look for patterns: repeated errors, failing pods, configuration issues\n - **User-Friendly Explanation**: Translate technical events into plain language\n - Report only events that are relevant to upgrade readiness for 4.21.22\n\
+      \ - Group similar events to avoid overwhelming users\n\n10. **Active Alerts Assessment** (using get_alerts - if available):\n - Query Alertmanager for active alerts\n - Focus on Critical and Warning severity alerts\n - **Upgrade Impact Analysis**:\n * Critical alerts → Likely upgrade blockers, must resolve first\n * Warning alerts → May cause issues, recommend resolving\n * Info alerts → Monitor but don't block\n - **User-Friendly Translation**: Explain what each alert means in simple terms\n - Provide actionable recommendations for each alert\n - If get_alerts tool not available: Skip this check (gracefully handle tool absence)\n\n</critical_analysis_requirements>\n\n<output_format>\n## Summary\n\nProvide a clear assessment based ONLY on real data from tool calls (resources_get and resources_list). Be specific about:\n- **Whether 4.21.22 is available for upgrade** (found in status.availableUpdates or status.conditionalUpdates)\n- **ALL conditional update risks in the upgrade path\
+      \ from 4.21.16 to 4.21.22** (analyze status.conditionalUpdates for ALL versions in range)\n- **Current cluster upgrade readiness** (check Upgradeable=False, Failing=True, degraded operators)\n- **Any problematic USER WORKLOAD PDBs** (not OpenShift system PDBs)\n- **Infrastructure issues**that would prevent the upgrade to 4.21.22\n\n**CRITICAL INSTRUCTION**: Parse version numbers from status.conditionalUpdates and identify which versions fall between 4.21.16 and 4.21.22. Report risks for ALL of these versions, not just 4.21.22.\n\n**Target Version Analysis**\n- **Availability**: [Whether 4.21.22 is in availableUpdates or conditionalUpdates]\n- **Channels**: [Channels available for 4.21.22]\n- **Release Information**: [URL and metadata for 4.21.22 if available]\n\n**Conditional Updates Risk Analysis - Upgrade Path from 4.21.16 to 4.21.22**:\n- **Version Range Analyzed**: [List all versions between 4.21.16 and 4.21.22 that have conditional update risks]\n- **Total Risks in Upgrade Path**:\
+      \ [Count of all risk conditions across all versions in the range]\n- **Risk Details by Version** (in chronological order from lowest to highest version):\n\n For each version with risks in the upgrade path:\n * **Version**: [e.g., 4.21.18]\n * **Risk Conditions**: [List conditions with Recommended=False for this version]\n   - Risk: [Human-readable risk description from condition message]\n   - Applies to this cluster: [Yes/No with explanation]\n   - Severity: [Blocker / Requires Planning / Minor Concern]\n   - Mitigation: [Specific steps to address this risk]\n   - Documentation: [URL from message if available]\n\n- **Cumulative Risk Assessment for Upgrade Path**:\n * If no risks in path: \"No conditional update risks from 4.21.16 to 4.21.22\"\n * If risks don't apply: \"Conditional updates exist but risks do not apply to this cluster configuration\"\n * If risks apply but manageable: \"Upgrade path has manageable risks - schedule maintenance window and review all mitigations\"\n\
+      \ * If risks are severe: \"Review all risks carefully before proceeding - multiple versions in upgrade path have concerns\"\n * **Planning Guidance**: \"You will encounter [X] risk conditions across [Y] versions in the upgrade path from 4.21.16 to 4.21.22\"\n\n**Upgrade Readiness Assessment**\n\nYOU MUST explicitly state the status field value for each condition you check:\n**ClusterVersion Conditions:**\n- **Failing Condition**: [type=\"Failing\" found with status=\"X\"] → [Interpretation: if status=\"False\" then NOT failing/healthy, if status=\"True\" then failing/problem]\n- **Upgradeable Condition**: [type=\"Upgradeable\" found with status=\"X\" OR not found] → [Interpretation: if status=\"False\" then upgrades blocked, if status=\"True\" or missing then upgrades allowed]\n- **Available Condition**: [type=\"Available\" found with status=\"X\"] → [Interpretation: if status=\"True\" then available/healthy, if status=\"False\" then not available/problem]\n**ClusterOperator Health:**\n\
+      - Verify ClusterOperator resources in config.openshift.io/v1 API group\n- For each operator, check status.conditions and explicitly state status field values\n- Flag operators with: Available status=\"False\" OR Degraded status=\"True\" OR Upgradeable status=\"False\"\n- Include their message and reason fields\n**Infrastructure Health:**\n- **MachineConfigPools**: [Count and status of MCPs - report Degraded, Paused, or out-of-sync pools]\n- **Node Status**: [Count NotReady nodes with their reasons]\n- **Resource Pressure**: [From nodes_top - report nodes with >90% CPU or memory usage]\n- **User Workload PDBs**: [Count of problematic non-OpenShift PDBs that could block node draining]\n**Cincinnati Update Service Health**:\n- **Service Configuration**: [spec.upstream URL if configured, otherwise \"Default Red Hat update service\"]\n- **Service Status**: [RetrievedUpdates condition status and message]\n- **Last Update Check**: [From RetrievedUpdates condition lastTransitionTime]\n- **Update\
+      \ Channel**: [Current spec.channel]\n- **Cluster ID**: [spec.clusterID for telemetry]\n**Recent Events** (Last 30 minutes):\n- **Critical Events**: [Count and description of error events]\n- **Warning Events**: [Count and description of warning events]\n- **User-Friendly Summary**: [Translate technical events into plain language explanation]\n- **Example**: \"3 ImagePullBackOff events in openshift-authentication - operator unable to download container images\"\n- If no concerning events: \"No recent errors or warnings detected\"\n**Active Alerts** (if available):\n- **Critical Alerts**: [Count and names of firing critical alerts]\n- **Warning Alerts**: [Count and names of firing warning alerts]\n- **Impact on Upgrade**: [Explain how these alerts affect upgrade readiness to 4.21.22]\n- **User-Friendly Explanation**: [Translate alert names into actionable recommendations]\n- **Example**: \"KubePersistentVolumeFillingUp: Storage volume is 85% full - free up space before upgrading\"\n\
+      - If alerts not available: Skip this section\n\n**Final Assessment**:\nIf 4.21.22 is available and no critical issues are found:\n- If no conditional risks in upgrade path: Clearly state the cluster appears ready for upgrade to 4.21.22\n- If conditional risks exist but don't apply: State the upgrade path is clear despite conditional updates existing\n- If conditional risks apply: Explain ALL risks across the upgrade path and provide comprehensive mitigation guidance\n\n**Upgrade Path Summary**:\n- List ALL versions with conditional update risks between 4.21.16 and 4.21.22\n- For multi-hop upgrades, clarify that risks at intermediate versions will be encountered\n- Provide consolidated recommendation considering ALL risks in the path, not just target version\n\nIf 4.21.22 is not available, recommend the closest available version and analyze risks for that path instead.\n\n## TL;DR\n- **Current Version**: 4.21.16\n- **Target Version**: 4.21.22\n- **Target Available**: [Yes in availableUpdates\
+      \ / Yes in conditionalUpdates with risks / No]\n- **Upgrade Path**: [4.21.16 → 4.21.22, list intermediate versions if applicable]\n- **Conditional Risks in Upgrade Path**: [Total count of risk conditions across ALL versions from 4.21.16 to 4.21.22, or \"None\"]\n- **Versions with Risks**: [List versions in upgrade path that have conditional update risks, e.g., \"4.21.18, 4.21.20\" or \"None\"]\n- **Risks Apply to Cluster**: [Yes/No - if ANY conditional risks in upgrade path apply to this cluster configuration]\n- **Risk Severity**: [If risks exist: Blocker / Requires Planning / Minor Concern / Does Not Apply]\n- **Target Channels**: [Channels for 4.21.22 if available]\n- **Current Channel**: [spec.channel from ClusterVersion]\n- **Cincinnati Health**: [Update service status, e.g., \"Default service healthy (RetrievedUpdates=True)\" or \"Custom upstream: URL (status)\"]\n- **Upgrade Blocked**: [Yes if blocked / No if not blocked - ONLY report \"Yes\" if: Upgradeable condition has status=\"\
+      False\" OR Failing condition has status=\"True\" OR operators have Available status=\"False\" or Upgradeable status=\"False\"]\n- **Upgrade Blockers**: [if blockers exist with specific reason - MUST include the actual status field value you read, e.g., \"Upgradeable condition status=False: reason message\" OR \"No blockers - all conditions healthy\"]\n- **Unhealthy ClusterOperators**: [count and names if any]\n- **User Workload PDBs**: [count of problematic NON-OpenShift PDBs]\n- **Degraded MCPs**: [count and names if any]\n- **Node Issues**: [count of NotReady nodes if any, include Ready=False reason]\n- **Resource Pressure**: [nodes with >90% CPU or memory usage]\n- **Recent Events**: [count of error/warning events in last 30 min, user-friendly summary]\n- **Active Alerts**: [count of critical/warning alerts, skip if tool unavailable]\n- **Recommendation**: [Proceed with upgrade to 4.21.22 | Address risks/warnings first | Blocked - resolve issues | Target not available - use X.X.X\
+      \ instead]\n</output_format>\n"
+    expected_response: "## Summary\n\n**Target Version Analysis**\n- **Availability**: 4.21.22 is not available for upgrade (not found in status.availableUpdates or status.conditionalUpdates).\n- **Channels**: Not applicable since the target version is not available.\n- **Release Information**: Not applicable since the target version is not available.\n\n**Conditional Updates Risk Analysis - Upgrade Path from 4.21.16 to 4.21.22**:\n- **Version Range Analyzed**: 4.21.16, 4.21.17, 4.21.18, 4.21.19, 4.21.20, 4.21.21, 4.21.22\n- **Total Risks in Upgrade Path**: None (since the target version is not available).\n\n**Upgrade Readiness Assessment**\n- **ClusterVersion Conditions**:\n  - **Failing Condition**: type=\"Failing\" found with status=\"False\" → Cluster is healthy.\n  - **Upgradeable Condition**: type=\"Upgradeable\" not found → Upgrades are allowed.\n  - **Available Condition**: type=\"Available\" found with status=\"True\" → Cluster is available (healthy).\n\n**ClusterOperator Health**:\n\
+      - All ClusterOperators are available and healthy (status=\"True\").\n\n**Infrastructure Health**:\n- **MachineConfigPools**: 2 MCPs (master and worker) are healthy (not degraded).\n- **Node Status**: 1 node (crc) is Ready.\n- **User Workload PDBs**: No problematic user workload PDBs found.\n\n**Cincinnati Update Service Health**:\n- **Service Configuration**: Using default Red Hat update service.\n- **Service Status**: RetrievedUpdates condition status is True.\n- **Update Channel**: Current spec.channel is stable-4.21.\n\n**Recent Events**: \n- No recent errors or warnings detected.\n\n**Final Assessment**:\n- The upgrade to 4.21.22 is not possible as it is not available. The closest available version should be considered for upgrade.\n\n## TL;DR\n- **Current Version**: 4.21.16\n- **Target Version**: 4.21.22\n- **Target Available**: No\n- **Upgrade Path**: 4.21.16 → 4.21.22\n- **Conditional Risks in Upgrade Path**: None\n- **Versions with Risks**: None\n- **Risks Apply to Cluster**:\
+      \ No\n- **Risk Severity**: None\n- **Target Channels**: None\n- **Current Channel**: stable-4.21\n- **Cincinnati Health**: Default service healthy (RetrievedUpdates=True)\n- **Upgrade Blocked**: Yes (target version not available)\n- **Upgrade Blockers**: No blockers - all conditions healthy\n- **Unhealthy ClusterOperators**: None\n- **User Workload PDBs**: None\n- **Degraded MCPs**: None\n- **Node Issues**: None\n- **Resource Pressure**: None\n- **Recent Events**: No recent errors or warnings detected\n- **Recommendation**: Target not available - use the closest available version instead."
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:output_format_compliance
+    - geval:technical_accuracy
+- conversation_group_id: conv_800
+  tag: cluster-updates-scenarios
+  turns:
+  - turn_id: turn_001
+    query: "# OpenShift Cluster Health Assessment\n\n<constraints>\n- YOU MUST ALWAYS CALL THE TOOLS TO GET THE INFORMATION. YOU SHOULD NEVER TREAT DATA FROM EXAMPLES AS REAL DATA.\n- YOU MUST ALWAYS REFERENCE REAL DATA FROM TOOL CALLS. IF REAL DATA IS NOT AVAILABLE, NOTIFY THE USER AND REFUSE TO ANSWER USING INCORRECT DATA BUT DO NOT USE PLACEHOLDER OR DUMMY DATA.\n- Use resources_get to fetch the ClusterVersion resource (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterVersion\", name: \"version\")\n- Use resources_list to fetch all ClusterOperator resources (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterOperator\")\n- Assess ONLY the actual cluster state from tool call data\n- Distinguish between system health and user workload issues\n- Provide actionable recommendations for administrators\n- ONLY OUTPUT the Summary and TL;DR sections\n- LANGUAGE REQUIREMENT: Respond in English. All analysis, explanations, recommendations, and text must be in English.\n</constraints>\n\
+      \n<context>\nHealth assessment for OpenShift cluster with no available updates. You have complete cluster data including ClusterVersion and all ClusterOperator resources for comprehensive health analysis.\nFocus on operational health and readiness for future updates.\n</context>\n\n<condition_checking_guide>\nCRITICAL: Understanding Kubernetes/OpenShift Conditions\n\nConditions have TWO important fields you MUST check:\n- **type**: The name of the condition (e.g., \"Failing\", \"Available\", \"Progressing\")\n- **status**: The state of the condition (\"True\", \"False\", or \"Unknown\")\n\n**How to Correctly Check Conditions:**\n- A condition is TRUE when: type=\"X\" AND status=\"True\"\n- A condition is FALSE when: type=\"X\" AND status=\"False\"\n- A condition is UNKNOWN when: type=\"X\" AND status=\"Unknown\"\n\n**Examples:**\n- {type: \"RetrievedUpdates\", status: \"True\"} means updates were retrieved (healthy)\n- {type: \"RetrievedUpdates\", status: \"False\"} means update retrieval\
+      \ failed (problem)\n- {type: \"Failing\", status: \"False\"} means the cluster is NOT failing (healthy)\n- {type: \"Available\", status: \"True\"} means the cluster IS available (healthy)\n**NEVER assume a condition is true just because the type exists - ALWAYS check the status field!**\n</condition_checking_guide>\n\n<health_assessment_requirements>\n\n1. **Current Version and Update Status Analysis** (Check BOTH type AND status):\n - Extract and report current cluster version from status.desired.version\n - Verify status.availableUpdates array is empty (confirming no updates available)\n - Find condition where type=\"RetrievedUpdates\" AND status=\"True\" (confirms update service is working)\n - Analyze why no updates are available (end of channel, latest version, etc.)\n\n2. **Cluster Capabilities Configuration Assessment**:\n - Extract enabled capabilities from status.capabilities.enabledCapabilities\n - Extract known capabilities from status.capabilities.knownCapabilities\n -\
+      \ Identify disabled capabilities (known but not enabled)\n - Assess capability configuration health and consistency\n - Check spec.capabilities.baselineCapabilitySet and additionalEnabledCapabilities\n\n3. **Update Service and Channel Health**:\n - Check spec.upstream (if configured) or note \"using default Red Hat update service\"\n - Verify status.conditions for type=\"RetrievedUpdates\" status and timestamp\n - Confirm update service connectivity is working despite no available updates\n - Current channel from spec.channel\n - Cluster ID for telemetry (spec.clusterID)\n - Signature verification status (spec.signatureStores if present, otherwise default stores)\n\n4. **Cluster Version History Context**:\n - Extract initial cluster version from status.history (first entry)\n - Identify upgrade path from history entries\n - Last completed upgrade and timeframe\n - Total cluster age and upgrade frequency\n - Historical upgrade success pattern\n\n5. **System Component Health** (Check\
+      \ BOTH type AND status for each operator):\n For each ClusterOperator, check conditions:\n - **Available**: If type=\"Available\" AND status=\"False\" → Requires immediate intervention\n - **Degraded**: If type=\"Degraded\" AND status=\"True\" → Degraded state, lower quality of service\n - **Progressing**: If type=\"Progressing\" AND status=\"True\" with errors → Component stuck\n - **Upgradeable**: If type=\"Upgradeable\" AND status=\"False\" → Blocks minor upgrades\n - Verify core platform operators (console, authentication, ingress, etc.) are healthy\n - Check ClusterVersion status.conditions for overall cluster health\n - Report specific operator names and their condition messages for problematic conditions only\n - IMPORTANT: Available=True, Degraded=False, Upgradeable=True are healthy states\n\n6. **Future Update Readiness Assessment** (Check BOTH type AND status):\n - Find condition where type=\"Upgradeable\" (OPTIONAL - may not exist)\n * If found AND status=\"False\": This\
+      \ IS an upgrade blocker - report reason\n * If status=\"True\", missing, or status=\"Unknown\": Future upgrades are allowed\n - Find condition where type=\"Failing\"\n * If found AND status=\"True\": Cluster issues that must be resolved\n * If status=\"False\" or missing: No failing condition (healthy)\n - Review spec.overrides for any unmanaged components that might block future upgrades\n - Identify maintenance items to address proactively\n - User workload PDB analysis for potential upgrade blockers\n\n7. **Operational Health and Recommendations**:\n - Identify issues that affect user applications\n - Focus on problems that cluster administrators can/should address\n - Provide specific, actionable guidance for maintaining cluster health\n - Distinguish from normal system maintenance activities\n - Avoid recommendations for normal system behavior\n\n</health_assessment_requirements>\n\n<output_format>\n## Summary\n**Overall Health Status**\n[Assessment based on actual cluster state\
+      \ data]\n**System Component Status**\n- **Core Services**: [List core platform operators and their health status]\n- **Degraded Operators**: [Any operators with Available=False or Degraded=True]\n- **Progressing Operators**: [Operators currently updating or progressing]\n- **Infrastructure**: [Overall cluster-level status and configuration]\n**Administrator Action Items**\n- **Immediate**: [Issues requiring prompt attention]\n- **Maintenance**: [Items to address during maintenance windows]\n- **Monitoring**: [Things to watch for trends]\n**Future Update Readiness**\n[Assessment of readiness for next OpenShift updates]\n\n## TL;DR\n- **Overall Status**: [Healthy | Minor issues | Attention needed]\n- **System Health**: [Count of healthy vs degraded operators]\n- **Core Platform**: [Status of essential operators: console, authentication, ingress, etc.]\n- **Degraded Components**: [Count and names of any unhealthy operators]\n- **User Impact**: [Any operator issues affecting workloads]\n\
+      - **Action Items**: [Count of items needing administrator attention]\n- **Update Readiness**: [Ready | Operator issues need resolution]\n- **Next Review**: [Recommended reassessment timeframe]\n</output_format>\n"
+    expected_response: '## Summary
+
+      **Overall Health Status**
+
+      The OpenShift cluster is currently healthy, with all core services operational and no critical issues detected.
+
+
+      **System Component Status**
+
+      - **Core Services**: All core platform operators (authentication, console, ingress, etc.) are healthy with status "Available: True" and "Degraded: False."
+
+      - **Degraded Operators**: None.
+
+      - **Progressing Operators**: None.
+
+      - **Infrastructure**: The cluster is running version 4.21.14 with no available updates.
+
+
+      **Administrator Action Items**
+
+      - **Immediate**: No immediate actions required.
+
+      - **Maintenance**: Regular monitoring of cluster conditions and capabilities.
+
+      - **Monitoring**: Keep an eye on the "Failing" condition in the ClusterVersion status.
+
+
+      **Future Update Readiness**
+
+      The cluster is ready for future updates, but administrators should monitor the "Failing" condition to ensure it does not impact future upgrade paths.
+
+
+      ## TL;DR
+
+      - **Overall Status**: Healthy
+
+      - **System Health**: All operators are healthy.
+
+      - **Core Platform**: All essential operators are functioning correctly.
+
+      - **Degraded Components**: None.
+
+      - **User Impact**: No operator issues affecting workloads.
+
+      - **Action Items**: No immediate attention needed.
+
+      - **Update Readiness**: Ready for future updates.
+
+      - **Next Review**: Regular monitoring recommended.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:technical_accuracy
+- conversation_group_id: conv_801
+  tag: cluster-updates-scenarios
+  turns:
+  - turn_id: turn_001
+    query: "# OpenShift Cluster Upgrade Progress Monitor\n\n<constraints>\n- YOU MUST ALWAYS CALL THE TOOLS TO GET THE INFORMATION. YOU SHOULD NEVER TREAT DATA FROM EXAMPLES AS REAL DATA.\n- YOU MUST ALWAYS REFERENCE REAL DATA FROM TOOL CALLS. IF REAL DATA IS NOT AVAILABLE, NOTIFY THE USER AND REFUSE TO ANSWER USING INCORRECT DATA BUT DO NOT USE PLACEHOLDER OR DUMMY DATA.\n**CRITICAL: Timeout and Error Handling**\n\n**Timeout Awareness (60 second limit):**\n- Progress monitoring needs to be FAST - users expect quick updates\n- ClusterVersion + ClusterOperators gives you operator progress (X of Y) - sufficient for basic progress\n- Events and other data add context but aren't required\n- Target: Complete analysis in under 40 seconds for responsive UX\n- If approaching 50 seconds, provide progress summary immediately\n**Error Handling for Tool Failures:**\n1. **Core data is essential**- ClusterVersion and ClusterOperators are required for progress tracking\n2. **If core resources fail** -\
+      \ Explain specifically what failed and provide troubleshooting\n3. **Optional data can be skipped**- nodes_top, events_list, get_alerts are nice-to-have\n4. **Provide progress with available data**- Even without events, you can show operator progress\n5. **Never give up**- Always show some progress information, even if incomplete\n**Tool Call Priority to Avoid Timeouts:**\n**PHASE 1 - ESSENTIAL (Always fetch - target: 25 seconds):**\n1. resources_get: ClusterVersion (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterVersion\", name: \"version\")\n2. resources_list: ClusterOperator (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterOperator\")\n**PHASE 2 - HELPFUL CONTEXT (Only if under 45 seconds):**\n3. events_list: Get recent events (last 30 minutes) - Quick way to spot warnings\n4. resources_list: MachineConfigPool - Shows node update progress\n**PHASE 3 - NICE-TO-HAVE (Only if under 50 seconds):**\n5. nodes_top: Monitor node resource usage during upgrade\n6. get_alerts:\
+      \ Check for warning alerts (if available)\n**CRITICAL EFFICIENCY RULES:**\n- Progress monitoring is time-sensitive - provide fast updates\n- ClusterVersion + ClusterOperators is sufficient for basic progress (X of Y operators)\n- Events and MCPs add context but aren't required\n- NEVER exceed 55 seconds - better to show quick progress than timeout\n- Users can refresh for updated progress - speed > completeness\n\n- Monitor ONLY actual upgrade progress from tool call data\n- Report specific progress indicators and timelines using EXACT operator counts from the data\n- Use the format \"X of Y operators\" consistently throughout the output\n- Calculate precise percentages: (15 / 28) * 100\n- Format durations in human-readable terms (e.g., \"Approximately 1 hour and 20 minutes\")\n- Use specific operator counts in all sections, not generic descriptions\n- Identify potential issues early with conservative recommendations\n- ONLY OUTPUT the Summary and TL;DR sections exactly as specified\
+      \ in the output format\n- LANGUAGE REQUIREMENT: Respond in English. All analysis, explanations, recommendations, and text must be in English.\n</constraints>\n\n<context>\nMonitor upgrade progress from 4.21.14 to 4.21.17. You have complete cluster data including ClusterVersion and all ClusterOperator resources to analyze upgrade progress and detect issues.\nFocus on detecting issues early while avoiding false alarms.\n</context>\n\n<condition_checking_guide>\nCRITICAL: Understanding Kubernetes/OpenShift Conditions\n\nConditions have TWO important fields you MUST check:\n- **type**: The name of the condition (e.g., \"Failing\", \"Available\", \"Progressing\")\n- **status**: The state of the condition (\"True\", \"False\", or \"Unknown\")\n\n**How to Correctly Check Conditions:**\n- A condition is TRUE when: type=\"X\" AND status=\"True\"\n- A condition is FALSE when: type=\"X\" AND status=\"False\"\n- A condition is UNKNOWN when: type=\"X\" AND status=\"Unknown\"\n\n**Examples:**\n\
+      - {type: \"Progressing\", status: \"True\"} means the cluster IS progressing (upgrading)\n- {type: \"Progressing\", status: \"False\"} means the cluster is NOT progressing (stable)\n- {type: \"Failing\", status: \"False\"} means the cluster is NOT failing (healthy)\n- {type: \"Failing\", status: \"True\"} means the cluster IS failing (problem)\n**NEVER assume a condition is true just because the type exists - ALWAYS check the status field!**\n</condition_checking_guide>\n\n<progress_monitoring_requirements>\n\n1. **Upgrade State Verification** (Check BOTH type AND status):\n - Confirm spec.desiredUpdate.version matches 4.21.17\n - Find condition where type=\"Progressing\" AND status=\"True\" - extract progress details\n - Verify no conditions where type=\"Failing\" AND status=\"True\" are present\n\n2. **Component Progress Tracking** (CRITICAL - Use Provided Operator Counts):\n - You are provided with pre-calculated operator counts: 28 total, 15 updated, 5 updating, 8 pending, 0 failed\n\
+      \ - ALWAYS use the \"X of Y operators\" format consistently:\n * \"**Updated Operators**: 15 of 28 operators at target version 4.21.17\"\n * \"**Updating Operators**: 5 of 28 operators progressing toward target\"\n * \"**Pending Operators**: 8 of 28 operators waiting to start\"\n * \"**Failed Operators**: 0 of 28 operators with issues\"\n - Calculate upgrade completion percentage using the exact formula: (15 / 28) * 100\n - In TL;DR section, use format: \"15 of 28 operators at target version ([X% complete])\"\n - For pending components, combine counts: \"5 updating + 8 pending operators\"\n - NEVER use vague terms like \"several\" or \"most\" - always use exact counts provided\n\n3. **Timeline and ETA Analysis - CRITICAL INSTRUCTIONS**:\n**FINDING THE CORRECT START TIME:**\n - Look in status.history array - it's ordered with MOST RECENT first (index 0)\n - The CURRENT upgrade is the FIRST entry where state=\"Partial\" (in-progress upgrade)\n - Use the startedTime field from that Partial\
+      \ entry ONLY\n - Example: If history[0].state=\"Partial\" and history[0].startedTime=\"2026-05-04T16:59:26Z\", use \"2026-05-04T16:59:26Z\"\n - DO NOT use startedTime from older entries with state=\"Completed\" - those are PREVIOUS upgrades!\n**FORMATTING AND CALCULATIONS:**\n - Format the startedTime as human-readable (e.g., \"May 4, 2026, 4:59:26 PM UTC\")\n - Calculate elapsed time from startedTime to current time\n - Format elapsed time as human-readable duration (e.g., \"Approximately 1 hour and 20 minutes\")\n - Extract progress details from Progressing condition message if available\n - Calculate progress percentage: (15 / 28) * 100\n - Calculate ETA based on current progress rate\n**OUTPUT FORMAT:**\n * \"Upgrade started: [human-readable start time from the Partial entry]\"\n * \"Elapsed time: [Human-readable duration since startedTime]\"\n * \"Current progress: [X% complete]\"\n * \"Estimated completion: [Time remaining]\"\n * \"Progress rate: [On track | Ahead of schedule\
+      \ | Behind schedule]\"\n\n4. **Upgrade Target Analysis**:\n - Current upgrade target from status.desired.version\n - Target release metadata from status.desired (url, channels)\n - Upgrade path validation from current to target version\n - Any upgrade risks or compatibility notes\n\n5. **Cluster History Context During Upgrade**:\n - Previous completed upgrade and duration for comparison\n - Upgrade frequency pattern analysis\n - Any historical upgrade failures or issues\n - Progress comparison with typical upgrade patterns\n\n6. **Early Issue Detection**:\n - Look for warning signs in status.conditions\n - Check for stalled progress indicators in cluster conditions\n - Report specific issues using exact operator counts: \"0 operators with issues\"\n - If no issues: \"No problems requiring immediate attention\"\n - Use format in TL;DR: \"**Issues**: [0 operators with issues if any, otherwise \"No problems requiring immediate attention\"]\"\n - Monitor for unexpected delays compared\
+      \ to historical patterns and report as \"On track\", \"Delayed\", or \"Issues detected\"\n\n</progress_monitoring_requirements>\n\n<output_format>\n## Summary\n**Upgrade Status**\n- **Current Phase**: [Extract from Progressing condition message, e.g., \"Progressing (Working towards 4.21.17: X of Y done (Z% complete))\"]\n- **Elapsed Time**: [Human-readable duration from upgrade start to current time]\n- **Progress Indicators**: [Specific progress details and any operators currently updating]\n**Component Status** (Total: 28 ClusterOperators)\n- **Updated Operators**: 15 of 28 operators at target version 4.21.17\n- **Updating Operators**: 5 of 28 operators progressing toward target\n- **⏸ Pending Operators**: 8 of 28 operators waiting to start\n- **Failed Operators**: 0 of 28 operators with issues\n**Upgrade Target Details**\n- **Target Version**: [4.21.17 from status.desired.version]\n- **Target Release Info**: [Errata URL from status.desired.url if available, format as markdown link]\n\
+      - **Target Channels**: [List available channels from status.desired.channels, comma-separated]\n- **Upgrade Path**: Current version [4.21.14] → Target version [4.21.17]\n**Historical Context**\n- **Previous Upgrade**: [Most recent completed upgrade version and completion timestamp from status.history]\n- **Upgrade Pattern**: [Upgrade frequency analysis and historical success pattern]\n- **Duration Comparison**: [Current upgrade timeline compared to previous upgrade durations and typical patterns]\n**Infrastructure Health During Upgrade**\n- **MachineConfigPool Progress**: [Status of MCPs - are they updating, stuck, or complete?]\n- **Node Resource Pressure**: [From nodes_top - any nodes with high CPU/memory usage?]\n - Example: \"All nodes healthy - CPU usage 45-60%, memory usage 55-70%\"\n - Example: \" Warning: master-0 at 92% memory - monitor for slowdowns\"\n**Recent Progress Events** (Last 30 minutes):\n- **Event Summary**: [Count of events related to upgrade progress]\n- **Warning\
+      \ Signs**: [Any warning events that might slow progress]\n - Example: \"ImagePullBackOff in 3 operators - image download issues may slow upgrade\"\n - Example: \"No concerning events - upgrade progressing normally\"\n- **Positive Indicators**: [Events showing healthy progress]\n - Example: \"12 operators successfully updated to target version\"\n**Health Indicators**\n- **Issues Detected**: [Any warning signs, delays, or specific operator issues requiring attention]\n- **Cluster Status**: [Overall cluster condition health based on ClusterVersion conditions]\n- **Active Alerts**: [Warning/critical alerts during upgrade, if available]\n- **Timeline Analysis**:\n * Upgrade started: [Find the FIRST entry in status.history where state=\"Partial\" - this is the CURRENT upgrade. Use ONLY its startedTime field. Convert from ISO timestamp (e.g., \"2026-05-04T16:59:26Z\") to human-readable (e.g., \"May 4, 2026, 4:59:26 PM UTC\"). DO NOT use startedTime from Completed entries!]\n * Elapsed time:\
+      \ [Calculate duration from the Partial entry's startedTime to current time in human-readable format]\n * Current progress: [X% complete based on operator completion ratio]\n * Estimated completion: [Time remaining calculation based on progress rate]\n * Progress rate: [Assessment: \"On track\", \"Ahead of schedule\", or \"Behind schedule\" compared to typical upgrade window]\n\n## TL;DR\n- **Progress**: [X% complete - (15 Updated Operators / 28 Total Operators) * 100]\n- **Target Version**: [4.21.17 with release info if available]\n- **Target Channels**: [Available channels for target release]\n- **Upgrade Duration**: [Elapsed time from upgrade start]\n- **Status**: [On track | Delayed | Issues detected]\n- **Updated Components**: 15 of 28 operators at target version ([X% complete])\n- **Pending Components**: 5 updating + 8 pending operators\n- **Historical Comparison**: [How current upgrade compares to previous ones]\n- **Issues**: [0 operators with issues if any, otherwise \"No problems\
+      \ requiring immediate attention\"]\n- **Resource Pressure**: [Node CPU/memory status - any nodes >90% usage?]\n- **MCP Status**: [MachineConfigPool progress - all updating normally?]\n- **Recent Events**: [Count of warning events in last 30 min, user-friendly summary]\n- **Alerts**: [Warning/critical alerts during upgrade, if available]\n- **ETA**: [Estimated time remaining based on current progress rate]\n- **Action Required**: [Continue monitoring | Investigate delays | Address operator issues]\n</output_format>\n"
+    expected_response: '## Summary
+
+      **Upgrade Status**
+
+      - **Current Phase**: Progressing (Working towards 4.21.17: 15 of 28 done (53.57% complete))
+
+      - **Elapsed Time**: Approximately 1 hour and 20 minutes
+
+      - **Progress Indicators**: 15 operators updated, 5 operators updating, 8 operators pending
+
+
+      **Component Status** (Total: 28 ClusterOperators)
+
+      - **Updated Operators**: 15 of 28 operators at target version 4.21.17
+
+      - **Updating Operators**: 5 of 28 operators progressing toward target
+
+      - **⏸ Pending Operators**: 8 of 28 operators waiting to start
+
+      - **Failed Operators**: 0 of 28 operators with issues
+
+
+      **Upgrade Target Details**
+
+      - **Target Version**: 4.21.17
+
+      - **Target Release Info**: [Errata URL](https://access.redhat.com/errata/RHSA-2026:20034)
+
+      - **Target Channels**: candidate-4.21, candidate-4.22, fast-4.21, fast-4.22, stable-4.21
+
+      - **Upgrade Path**: Current version 4.21.14 → Target version 4.21.17
+
+
+      **Historical Context**
+
+      - **Previous Upgrade**: 4.21.14 completed on May 13, 2026, at 4:39:58 PM UTC
+
+      - **Upgrade Pattern**: Regular upgrades with no historical failures noted
+
+      - **Duration Comparison**: Current upgrade is on track compared to previous upgrades
+
+
+      **Infrastructure Health During Upgrade**
+
+      - **MachineConfigPool Progress**: Not available due to resource listing failure
+
+      - **Node Resource Pressure**: Warning: Node "crc" at 104% CPU usage - monitor for slowdowns
+
+
+      **Recent Progress Events** (Last 30 minutes):
+
+      - **Event Summary**: Unable to retrieve recent events due to tool failure
+
+      - **Warning Signs**: No concerning events detected
+
+      - **Positive Indicators**: 15 operators successfully updated to target version
+
+
+      **Health Indicators**
+
+      - **Issues Detected**: No problems requiring immediate attention
+
+      - **Cluster Status**: Overall cluster condition is healthy based on ClusterVersion conditions
+
+      - **Active Alerts**: No active alerts detected during upgrade
+
+
+      **Timeline Analysis**:
+
+      - Upgrade started: May 13, 2026, 4:01:13 PM UTC
+
+      - Elapsed time: Approximately 1 hour and 20 minutes
+
+      - Current progress: 53.57% complete
+
+      - Estimated completion: Approximately 1 hour remaining based on current progress rate
+
+      - Progress rate: On track
+
+
+      ## TL;DR
+
+      - **Progress**: 53.57% complete - (15 Updated Operators / 28 Total Operators)
+
+      - **Target Version**: 4.21.17 with release info available
+
+      - **Target Channels**: candidate-4.21, candidate-4.22, fast-4.21, fast-4.22, stable-4.21
+
+      - **Upgrade Duration**: Approximately 1 hour and 20 minutes
+
+      - **Status**: On track
+
+      - **Updated Components**: 15 of 28 operators at target version (53.57% complete)
+
+      - **Pending Components**: 5 updating + 8 pending operators
+
+      - **Historical Comparison**: Current upgrade is on track compared to previous ones
+
+      - **Issues**: 0 operators with issues
+
+      - **Resource Pressure**: Node "crc" at 104% CPU usage - monitor for slowdowns
+
+      - **MCP Status**: Not available due to resource listing failure
+
+      - **Recent Events**: Unable to retrieve recent events
+
+      - **Alerts**: No active alerts during upgrade
+
+      - **ETA**: Approximately 1 hour remaining based on current progress rate
+
+      - **Action Required**: Continue monitoring for resource pressure on node "crc"'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:output_format_compliance
+    - geval:technical_accuracy
+- conversation_group_id: conv_802
+  tag: cluster-updates-scenarios
+  turns:
+  - turn_id: turn_001
+    query: "# OpenShift Cluster Upgrade Troubleshoot Analysis\n\n<constraints>\n- YOU MUST ALWAYS CALL THE TOOLS TO GET THE INFORMATION. YOU SHOULD NEVER TREAT DATA FROM EXAMPLES AS REAL DATA.\n- YOU MUST ALWAYS REFERENCE REAL DATA FROM TOOL CALLS. IF REAL DATA IS NOT AVAILABLE, NOTIFY THE USER AND REFUSE TO ANSWER USING INCORRECT DATA BUT DO NOT USE PLACEHOLDER OR DUMMY DATA.\n**CRITICAL: Timeout and Error Handling**\n\n**Timeout Awareness (60 second limit):**\n- Prioritize ClusterVersion + ClusterOperators first (essential for failure diagnosis)\n- Fetch events_list early - often explains failures quickly without needing logs\n- Limit pod log fetching - logs are SLOW, only fetch 1-2 critical operators\n- If approaching 50 seconds, STOP and analyze what you have\n- Partial diagnosis is better than timeout\n\n**Error Handling for Tool Failures:**\n1. **Try core resources first** - ClusterVersion and ClusterOperators are essential\n2. **If core resources fail** - Provide specific error and\
+      \ troubleshooting steps\n3. **If optional tools fail** (pods_log, events_list, get_alerts) - Continue with available data\n4. **Provide partial analysis** - Analyze whatever data you successfully retrieved\n5. **Be specific** - \"Unable to fetch operator pod logs from openshift-authentication namespace\" NOT \"cannot retrieve data\"\n6. **Give troubleshooting steps**:\n - Verify MCP server is running: 'oc get pods -n openshift-lightspeed'\n - Check if operator namespaces exist\n - Suggest manual log checking: 'oc logs -n openshift-authentication <pod-name>'\n**Tool Call Priority to Avoid Timeouts:**\n**PHASE 1 - ESSENTIAL (Always fetch - target: 20 seconds):**\n1. resources_get: ClusterVersion (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterVersion\", name: \"version\")\n2. resources_list: ClusterOperator (apiVersion: \"config.openshift.io/v1\", kind: \"ClusterOperator\")\n**PHASE 2 - HIGH-VALUE DIAGNOSTICS (If under 35 seconds):**\n3. events_list: Get events from last 1 hour\
+      \ - Often explains failures quickly\n4. For THE MOST CRITICAL failed operator only (not all):\n * pods_list_in_namespace: Find operator pods\n * pods_log: Get last 50 lines only (not 100) - Logs can be slow!\n**PHASE 3 - OPTIONAL CONTEXT (Only if under 50 seconds):**\n5. resources_list: Node - Check for NotReady nodes\n6. get_alerts: Critical alerts (if available)\n7. Additional operator logs (only if time permits)\n**CRITICAL EFFICIENCY RULES:**\n- LIMIT pod log fetching to 1-2 critical operators max - logs are SLOW\n- Use tail=50 for logs, not tail=100 - faster retrieval\n- If events_list provides the error, SKIP pod logs - events are faster\n- NEVER exceed 55 seconds total execution time\n- Provide analysis with partial data rather than timing out\n\n- Analyze ONLY the actual data from tool calls\n- Report SPECIFIC failure details with actual error messages from logs and events\n- Provide conservative, investigation-focused remediation\n- Focus on root cause identification using\
+      \ real error messages, not aggressive fixes\n- ONLY OUTPUT the Summary and TL;DR sections\n- LANGUAGE REQUIREMENT: Respond in English. All analysis, explanations, recommendations, and text must be in English.\n</constraints>\n\n<context>\nTroubleshoot upgrade issues for cluster attempting to go from 4.21.14 to 4.21.17. You have complete cluster data including ClusterVersion and all ClusterOperator resources to diagnose upgrade failures.\nThis prompt is used when upgrade failures or component degradation is detected.\n</context>\n\n<condition_checking_guide>\n CRITICAL: Understanding Kubernetes/OpenShift Conditions\n\nConditions have TWO important fields you MUST check:\n- **type**: The name of the condition (e.g., \"Failing\", \"Available\", \"Progressing\")\n- **status**: The state of the condition (ONLY these values: \"True\", \"False\", or \"Unknown\")\n**MANDATORY CHECKING PROCESS:**\nFor EVERY condition you analyze, you MUST:\n1. First, locate the condition by its type field\n\
+      2. Second, read the EXACT value of the status field\n3. Third, interpret based ONLY on the status field value:\n - If status=\"True\" → The condition IS active/present\n - If status=\"False\" → The condition is NOT active/NOT present\n - If status=\"Unknown\" → The condition state is uncertain\n**DO NOT report a problem unless status=\"True\" for negative conditions OR status=\"False\" for positive conditions!**\n**Critical Examples - MEMORIZE THESE:**\n- {type: \"Failing\", status: \"False\"} → Cluster is NOT failing → NO PROBLEM\n- {type: \"Failing\", status: \"True\"} → Cluster IS failing → PROBLEM\n- {type: \"Available\", status: \"True\"} → Cluster IS available → NO PROBLEM\n- {type: \"Available\", status: \"False\"} → Cluster is NOT available → PROBLEM\n- {type: \"Degraded\", status: \"False\"} → Cluster is NOT degraded → NO PROBLEM\n- {type: \"Degraded\", status: \"True\"} → Cluster IS degraded → PROBLEM\n**VERIFICATION REQUIREMENT:**\nBefore making ANY conclusion about a condition,\
+      \ you MUST explicitly state:\n\"Condition type='X' has status='Y'\" and then interpret it correctly.\n**NEVER assume a condition is true just because the type exists - ALWAYS check the status field!**\n**The presence of a condition type does NOT mean it is active - check the status field!**\n</condition_checking_guide>\n\n<failure_analysis_requirements>\n\n1. **Upgrade Failure Root Cause**:\n - Find condition where type=\"Failing\" AND status=\"True\"\n - Extract the EXACT reason and message from the Failing condition\n - Check status.history for failed upgrade attempts and their specific errors\n - Identify which component or process is actually failing\n\n2. **ClusterOperator Failure Analysis with Pod Logs** (Check BOTH type AND status):\n - For each ClusterOperator, check conditions:\n * Available: If type=\"Available\" AND status=\"False\" → Operator unavailable (blocker)\n * Degraded: If type=\"Degraded\" AND status=\"True\" → Operator degraded (issue)\n * Progressing: If type=\"\
+      Progressing\" AND status=\"True\" with error messages → Operator stuck\n - Report SPECIFIC operator names and their condition messages for problematic conditions only\n**For each failing/degraded operator, fetch pod logs:**\n - Use pods_list_in_namespace to find operator's pods (usually in openshift-[operator-name] namespace)\n - Use pods_log with tail=50 to get recent logs from failing pods\n - If pod has restarted, also get previous container logs\n - **Extract actual error messages from logs**- don't just say \"check logs\"\n - **Translate technical errors into user-friendly explanations**\n - Example: \"Error: dial tcp 10.0.0.1:6443: i/o timeout\" → \"Operator cannot connect to API server - network connectivity issue\"\n\n3. **Cluster-Level Failure Analysis** (Check BOTH type AND status):\n - Find condition where type=\"Failing\" AND status=\"True\" - extract specific error messages\n - Find condition where type=\"Degraded\" AND status=\"True\" - review degradation reasons\n -\
+      \ Find condition where type=\"Invalid\" AND status=\"True\" - check invalid configuration\n - Look for specific failure reasons in condition messages and status\n - IMPORTANT: Only report as failing if status=\"True\"\n\n4. **Node and Infrastructure Issues**:\n - Check Node resources for NotReady conditions\n - Identify nodes with scheduling issues or resource constraints\n - Look for infrastructure problems affecting the upgrade\n\n5. **MachineConfigPool Issues**:\n - Check for Degraded=True, spec.paused=true, or observedGeneration ≠ metadata.generation\n - These can cause upgrade failures and node configuration problems\n\n6. **Historical Failure Context**:\n - Previous upgrade attempts from status.history\n - Compare current failure with historical upgrade patterns\n - Identify recurring issues or new problems\n - Duration and frequency of past upgrade attempts\n\n7. **Update Target Analysis for Failures**:\n - Failed target version from status.desired.version\n - Release metadata\
+      \ and known issues from status.desired.url\n - Target channel information from status.desired.channels\n - Validate if target version is still available and supported\n\n8. **Cincinnati and Update Service Analysis**:\n - Update service configuration (spec.upstream if custom, otherwise default Red Hat service)\n - Recent update retrieval status from RetrievedUpdates condition\n - Verify availableUpdates is populated (indicates service connectivity)\n - Signature verification status (spec.signatureStores if custom, otherwise default Red Hat stores)\n - Network connectivity issues affecting update process\n\n9. **Failure Events Timeline** (using events_list):\n - Query events from last 1 hour (upgrade failures develop over time)\n - Focus on Error and Warning events in openshift-* namespaces\n - Look for event patterns that explain the failure:\n * CrashLoopBackOff → Operator pod keeps restarting\n * ImagePullBackOff → Cannot download container images\n * OOMKilled → Pod ran out of memory\n\
+      \ * FailedScheduling → Cannot place pods on nodes\n - **Build a timeline**: Show sequence of events leading to failure\n - **User-friendly translation**: Explain technical events in plain language\n - **Example**: \"10 minutes ago: authentication operator pod started crashing (CrashLoopBackOff). 5 minutes ago: authentication unavailable. Now: upgrade blocked\"\n\n10. **Active Critical Alerts** (using get_alerts - if available):\n - Query critical alerts that might explain upgrade failure\n - Focus on infrastructure and operator alerts\n - **Correlation**: Connect alerts to failing operators\n - **Example**: \"KubeAPIDown alert firing - explains why operators can't communicate\"\n - If get_alerts not available: Skip this check\n\n11. **Conservative Remediation Approach**:\n - Focus on investigation and monitoring first\n - Suggest checking logs and status before taking action\n - Avoid aggressive suggestions like \"restart operators\" unless clearly needed\n - Recommend escalation paths\
+      \ for complex issues\n - Consider rollback strategies based on failure severity\n\n</failure_analysis_requirements>\n\n<output_format>\n## Summary\n**Root Cause Analysis**\nBased on the ClusterVersion data:\n- **Current Version**: 4.21.14\n- **Target Version**: 4.21.17\n- **Failure Type**: [Extract from actual Failing condition reason]\n- **Specific Error**: [Quote the actual failure message from conditions]\n**Component Analysis**\n- **Failed ClusterOperators**: [List specific operators with Available=False, Degraded=True, or failing conditions]\n- **Operator Error Details**: [Actual error messages from pod logs - be specific!]\n - Example: \"authentication operator pod logs show: 'Error: certificate expired at 2026-04-15 12:00:00 UTC'\"\n- **Stuck ClusterOperators**: [List operators stuck in Progressing=True with error messages]\n- **Affected Services**: [Impact on cluster functionality based on failed operators]\n**Failed Upgrade Context**\n- **Target Version**: [From status.desired.version\
+      \ with metadata]\n- **Release Information**: [Target release details and known issues from status.desired.url]\n- **Upgrade Path**: [Source → Target version progression]\n- **Target Availability**: [Verify target version is still in available updates]\n**Historical Failure Analysis**\n- **Previous Attempts**: [Recent upgrade attempts from status.history]\n- **Failure Pattern**: [Recurring vs new failure based on history]\n- **Last Successful Upgrade**: [Most recent completed upgrade for comparison]\n- **Cluster Stability**: [Overall upgrade success rate and patterns]\n**Update Service Health**\n- **Service Configuration**: [spec.upstream if custom, otherwise \"Default Red Hat service\"]\n- **Cincinnati Status**: [RetrievedUpdates condition status and message]\n- **Last Update Check**: [Recent update retrieval timestamp from RetrievedUpdates]\n- **Available Updates**: [Confirm availableUpdates array is populated]\n- **Connectivity Issues**: [Network or authentication problems affecting\
+      \ updates]\n**Failure Events Timeline** (Last hour):\n- **Event Summary**: [Count of error vs warning events]\n- **Timeline of Key Events**: [Chronological sequence showing how failure developed]\n - Example: \"60 min ago: Started upgrade to 4.21.17\"\n - Example: \"45 min ago: authentication operator pod started failing (CrashLoopBackOff)\"\n - Example: \"30 min ago: authentication operator marked Degraded\"\n - Example: \"Now: Upgrade stuck, authentication unavailable\"\n- **Technical Errors Found**: [Specific error types: ImagePullBackOff, OOMKilled, etc.]\n- **User-Friendly Explanation**: [What these events mean in plain language]\n**Active Critical Alerts** (if available):\n- **Alert Count**: [Number of critical/warning alerts]\n- **Key Alerts**: [Names and descriptions of alerts related to failure]\n- **Correlation**: [How alerts connect to failing operators]\n- **Example**: \"KubeAPIDown alert + authentication operator failure → API server connectivity issue\"\n- If alerts not\
+      \ available: \"Alert monitoring unavailable\"\n**Investigation Steps**\n1. [First diagnostic step based on actual failure type]\n2. [Second diagnostic step]\n3. [Log locations to check]\n**Recovery Actions** (Conservative Approach)\n1. [Investigation-focused first step]\n2. [Monitoring and validation steps]\n3. [When to escalate to support]\n\n## TL;DR\n- **Failure Type**: [Specific failure reason from conditions]\n- **Target Version**: [Failed upgrade target with release info]\n- **Root Cause**: [Primary component or process failing - with actual error from logs]\n- **Failed Components**: [Count and names of failed ClusterOperators]\n- **Error Messages**: [Key errors from pod logs - be specific!]\n- **Event Summary**: [Count of error events in last hour, key patterns]\n- **Alert Status**: [Critical alerts related to failure, if available]\n- **Historical Pattern**: [Recurring failure vs new issue]\n- **Last Success**: [Most recent completed upgrade for context]\n- **Update Service**:\
+      \ [Cincinnati health, e.g., \"Default service working (RetrievedUpdates=True)\" or \"Custom upstream failing\"]\n- **Node Issues**: [Count of NotReady nodes if any]\n- **Infrastructure Problems**: [Any detected infrastructure issues]\n- **MCP Issues**: [Count of degraded MachineConfigPools if any]\n- **Next Steps**: [Conservative investigation approach based on actual errors found]\n- **Escalation**: [When to contact Red Hat support]\n- **Recovery Time**: [Realistic estimate based on failure type]\n</output_format>\n"
+    expected_response: '## Summary
+
+      **Root Cause Analysis**
+
+      Based on the ClusterVersion data:
+
+      - **Current Version**: 4.21.14
+
+      - **Target Version**: 4.21.17
+
+      - **Failure Type**: Failing
+
+      - **Specific Error**: "Cluster version is 4.21.14"
+
+
+      **Component Analysis**
+
+      - **Failed ClusterOperators**: None reported as unavailable or degraded.
+
+      - **Operator Error Details**: No specific errors found in operator logs.
+
+      - **Stuck ClusterOperators**: None reported as stuck in Progressing state.
+
+      - **Affected Services**: No immediate impact on cluster functionality based on current operator status.
+
+
+      **Failed Upgrade Context**
+
+      - **Target Version**: 4.21.17
+
+      - **Release Information**: Available updates include 4.21.17.
+
+      - **Upgrade Path**: 4.21.14 → 4.21.17
+
+      - **Target Availability**: Target version is available for upgrade.
+
+
+      **Historical Failure Analysis**
+
+      - **Previous Attempts**: No recent upgrade attempts recorded in history.
+
+      - **Failure Pattern**: No recurring issues identified.
+
+      - **Last Successful Upgrade**: Last completed upgrade was to 4.21.14.
+
+      - **Cluster Stability**: Cluster appears stable with no failed operators.
+
+
+      **Update Service Health**
+
+      - **Service Configuration**: Default Red Hat service.
+
+      - **Cincinnati Status**: RetrievedUpdates condition is True.
+
+      - **Last Update Check**: Recent update retrieval was successful.
+
+      - **Available Updates**: AvailableUpdates array is populated.
+
+      - **Connectivity Issues**: No network or authentication problems detected.
+
+
+      **Failure Events Timeline** (Last hour):
+
+      - **Event Summary**: No error or warning events found in the last hour.
+
+      - **Timeline of Key Events**: No significant events leading to failure detected.
+
+      - **Technical Errors Found**: None reported.
+
+      - **User-Friendly Explanation**: No recent issues impacting the upgrade process.
+
+
+      **Active Critical Alerts** (if available):
+
+      - **Alert Count**: No critical alerts reported.
+
+      - **Key Alerts**: None related to failure.
+
+      - **Correlation**: No alerts to correlate with operator failures.
+
+
+      **Investigation Steps**
+
+      1. Verify the status of the upgrade process and check for any pending operations.
+
+      2. Monitor the cluster for any changes in operator status or conditions.
+
+      3. Check logs for any specific operator if issues arise.
+
+
+      **Recovery Actions** (Conservative Approach)
+
+      1. Continue monitoring the upgrade process and cluster health.
+
+      2. Validate operator functionality and readiness before proceeding with the upgrade.
+
+      3. If issues persist, consider escalating to Red Hat support for further assistance.
+
+
+      ## TL;DR
+
+      - **Failure Type**: Failing condition detected.
+
+      - **Target Version**: 4.21.17 available for upgrade.
+
+      - **Root Cause**: Cluster version remains at 4.21.14, preventing upgrade.
+
+      - **Failed Components**: No failed ClusterOperators.
+
+      - **Error Messages**: No specific errors found in logs.
+
+      - **Event Summary**: No error or warning events in the last hour.
+
+      - **Alert Status**: No critical alerts related to failure.
+
+      - **Historical Pattern**: No recurring issues detected.
+
+      - **Last Success**: Last successful upgrade was to 4.21.14.
+
+      - **Update Service**: Cincinnati health is good, with updates available.
+
+      - **Node Issues**: No NotReady nodes detected.
+
+      - **Infrastructure Problems**: None reported.
+
+      - **MCP Issues**: No degraded MachineConfigPools detected.
+
+      - **Next Steps**: Monitor upgrade status and validate operator readiness.
+
+      - **Escalation**: Contact Red Hat support if issues persist.
+
+      - **Recovery Time**: Ongoing monitoring required.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:output_format_compliance
+    - geval:technical_accuracy
+- conversation_group_id: conv_803
+  tag: cluster-updates-critical
+  turns:
+  - turn_id: turn_001
+    query: 'I need to check if my OpenShift cluster is healthy and ready for an upgrade.
+
+      The current version is 4.15.1. Can you analyze the cluster status?
+
+      '
+    expected_response: "Your OpenShift cluster has several active alerts that indicate potential issues:\n\n1. **KubeCPUOvercommit**: The cluster has overcommitted CPU resource requests for Pods, which could lead to issues if a node fails.\n   \n2. **HighOverallControlPlaneMemory**: Memory utilization across control plane nodes is high, which may impact responsiveness and stability. It's recommended to increase memory on control plane nodes.\n\n3. **SystemMemoryExceedsReservation**: A specific node is using more memory than reserved, which could affect system processes.\n\n4. **KubePodNotScheduled**: A pod (`lightspeed-app-server-d6cd79589-bp2gk`) cannot be scheduled, indicating potential resource constraints.\n\n5. **KubeDeploymentRolloutStuck**: The deployment of `lightspeed-app-server` is not progressing, which may require investigation.\n\n6. **UpdateAvailable**: An update to version 4.21 is recommended.\n\n7. **InsightsRecommendationActive**: A security vulnerability (CVE-2026-43284)\
+      \ has been detected, which requires attention.\n\n### Recommendations:\n- **Address Active Alerts**: Investigate and resolve the active alerts, especially those related to CPU and memory utilization.\n- **Plan for Upgrade**: Ensure that the issues are resolved before proceeding with the upgrade to version 4.21.\n- **Monitor Cluster Health**: Continuously monitor the cluster health and resource usage to prevent future issues.\n\nMake sure to take action on these alerts to ensure a smooth upgrade process."
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_804
+  tag: cluster-updates-format
+  turns:
+  - turn_id: turn_001
+    query: 'My cluster is currently upgrading from 4.15.1 to 4.15.2. Can you check the progress?
+
+      '
+    expected_response: "The upgrade from version 4.15.1 to 4.15.2 is currently in progress. Here are the key details:\n\n- **Worker Pool Status:**\n  - **Worker Pool:** \n    - 1 node is **Available**\n    - 1 node is **Progressing**\n    - 1 node is **Draining**\n  - **Infra Pool:**\n    - 1 node is **Available**\n    - 1 node is **Progressing**\n    - 1 node is **Draining**\n\n- **Update Health:**\n  - The update is proceeding well with no significant issues reported.\n\n- **Pods Status:**\n  - Most critical pods are running successfully, but there are some pending pods in the `openshift-lightspeed` namespace, which may need attention.\n\nYou should continue to monitor the progress and ensure that all nodes are updated before deploying workloads that rely on new features."
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_805
+  tag: cluster-updates-blockers
+  turns:
+  - turn_id: turn_001
+    query: 'I''m trying to upgrade from 4.14.20 to 4.15.0 but it seems blocked. Can you help diagnose the issue?
+
+      '
+    expected_response: 'The upgrade from 4.14.20 to 4.15.0 may be blocked due to several active alerts in your cluster. Here are the key issues:
+
+
+      1. **KubeCPUOvercommit**: The cluster has overcommitted CPU resource requests for Pods, which could affect node stability.
+
+
+      2. **HighOverallControlPlaneMemory**: Memory utilization across control plane nodes is high, potentially impacting responsiveness and stability.
+
+
+      3. **SystemMemoryExceedsReservation**: A specific node is using more memory than reserved, which could lead to out-of-memory events.
+
+
+      4. **KubePodNotScheduled**: A pod (`lightspeed-app-server`) cannot be scheduled, indicating resource constraints.
+
+
+      5. **KubeDeploymentRolloutStuck**: The rollout of the `lightspeed-app-server` deployment is not progressing, which may be related to the scheduling issue.
+
+
+      To proceed with the upgrade, you should address these alerts, particularly the resource overcommitment and scheduling issues. Consider scaling your resources or optimizing your workloads to resolve these problems.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:actionable_guidance
+- conversation_group_id: conv_806
+  tag: cluster-updates-risks
+  turns:
+  - turn_id: turn_001
+    query: 'I see an available update to 4.15.5 but it''s marked as a conditional update. What does that mean and should I proceed?
+
+      '
+    expected_response: 'A conditional update means that the update to version 4.15.5 is available but not recommended due to known risks that may apply to your cluster. The Cluster Version Operator (CVO) evaluates these risks, and if they are deemed applicable, the update is labeled as conditional.
+
+
+      Before proceeding with a conditional update, consider the following:
+
+
+      1. **Assess the Risks**: Review the known risks associated with the update. If the risks do not apply to your cluster, the update may still be safe to proceed with.
+
+
+      2. **Critical Needs**: If you have a strong reason to update (e.g., fixing a critical CVE), weigh the benefits against the potential risks.
+
+
+      3. **Wait for Recommended Updates**: If there is no urgent need to update, it may be best to wait for a recommended update path from Red Hat, which would ensure a safer upgrade.
+
+
+      In summary, proceed with caution and evaluate the specific risks before deciding to update to 4.15.5.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:technical_accuracy
+- conversation_group_id: conv_807
+  tag: cluster-updates-path
+  turns:
+  - turn_id: turn_001
+    query: 'I want to upgrade from 4.15.1 directly to 4.15.6. Can you validate this upgrade path?
+
+      '
+    expected_response: Yes, you can upgrade from 4.15.1 to 4.15.6. The upgrade path is valid as both versions are within the same minor version (4.15) and follow the z-stream update policy.
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_808
+  tag: cluster-updates-troubleshoot
+  turns:
+  - turn_id: turn_001
+    query: 'My cluster upgrade from 4.15.1 to 4.15.2 failed. Can you help diagnose what went wrong?
+
+      '
+    expected_response: "The cluster upgrade from 4.15.1 to 4.15.2 failed due to several active alerts that may have impacted the upgrade process. Here are the key alerts:\n\n1. **KubeCPUOvercommit**: The cluster has overcommitted CPU resource requests for Pods, which could lead to resource contention.\n   - **Severity**: Warning\n\n2. **HighOverallControlPlaneMemory**: Memory utilization across control plane nodes is high, potentially impacting responsiveness and stability.\n   - **Severity**: Warning\n\n3. **SystemMemoryExceedsReservation**: A specific node is using more memory than reserved, which can affect node functionality.\n   - **Severity**: Warning\n\n4. **KubePodNotScheduled**: A pod in the `openshift-lightspeed` namespace cannot be scheduled, indicating potential resource issues.\n   - **Severity**: Warning\n\n5. **KubeDeploymentRolloutStuck**: The rollout of the `lightspeed-app-server` deployment is not progressing, which may indicate issues with the deployment process.\n   -\
+      \ **Severity**: Warning\n\nThese alerts suggest that resource constraints and deployment issues may have contributed to the upgrade failure. You should address these alerts by checking resource allocations, ensuring sufficient memory and CPU availability, and resolving any deployment issues before attempting the upgrade again."
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_809
+  tag: cluster-updates-conversation
+  turns:
+  - turn_id: turn_001
+    query: 'What updates are available for my cluster running OpenShift 4.15.1?
+
+      '
+    expected_response: 'It appears that your cluster is currently running OpenShift version 4.21.14, not 4.15.1. To check for available updates, you can run the following command:
+
+
+      ```terminal
+
+      $ oc adm upgrade recommend
+
+      ```
+
+
+      This command will provide you with the recommended updates for your cluster. If you need assistance with interpreting the output or further steps, feel free to ask!'
+    turn_metrics:
+    - custom:answer_correctness
+  - turn_id: turn_002
+    query: 'What''s the difference between 4.15.3 and 4.15.4? Why is 4.15.4 conditional?
+
+      '
+    expected_response: "The difference between OpenShift versions 4.15.3 and 4.15.4 typically involves bug fixes, security patches, and possibly minor enhancements. \n\nRegarding the conditional status of 4.15.4, it indicates that there are known risks associated with this update. Conditional updates are declared when specific conditions or configurations in the cluster may lead to issues during or after the update process. The Cluster Version Operator evaluates these risks against the current cluster state, and if any risks match, the update is labeled as conditional.\n\nFor detailed information on the specific risks associated with 4.15.4, you would typically refer to the release notes or known issues documentation provided by Red Hat. If you need help finding that information or have further questions, let me know!"
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_810
+  tag: cluster-updates-no-updates
+  turns:
+  - turn_id: turn_001
+    query: 'My cluster is on 4.15.8 and I don''t see any available updates. Is this normal?
+
+      '
+    expected_response: Yes, it's normal if you don't see any available updates for your cluster on version 4.15.8. If the update status is not "Updates available," you cannot update your cluster. You should continue to update your cluster to the latest patch release for your current version until the next minor version is available in the path.
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_811
+  tag: cluster-updates-channels
+  turns:
+  - turn_id: turn_001
+    query: 'What''s the difference between stable, fast, and candidate channels for updates?
+
+      '
+    expected_response: "The differences between stable, fast, and candidate channels for updates in Red Hat OpenShift Container Platform are as follows:\n\n1. **Stable Channel**:\n   - Releases are added after a delay to allow for data collection and analysis for regressions.\n   - Suitable for production environments where stability is prioritized.\n   - Updates are generally promoted within a week or two after their initial release.\n\n2. **Fast Channel**:\n   - Releases are available as soon as they are declared as general availability (GA) by Red Hat.\n   - Fully supported and intended for production use.\n   - Ideal for users who want to apply updates without waiting for the stable channel promotion.\n\n3. **Candidate Channel**:\n   - Offers early access to releases as soon as they are built, but these releases may not have the full feature set or quality assurance of GA releases.\n   - Not suitable for production environments; primarily for testing purposes.\n   - Users should be prepared\
+      \ to destroy and recreate clusters if necessary.\n\nIn summary, the stable channel focuses on reliability, the fast channel prioritizes immediate access to updates, and the candidate channel is for testing new features."
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_812
+  tag: cluster-updates-mcp
+  turns:
+  - turn_id: turn_001
+    query: 'The control plane upgraded successfully but my worker nodes haven''t started updating yet. Is this normal?
+
+      '
+    expected_response: Yes, this is normal. After upgrading the control plane, you need to unpause the relevant MachineConfigPool (MCP) groups to start the upgrade process for the worker nodes. Once unpaused, the worker nodes will begin updating, rebooting one at a time to upgrade to the new version. Ensure that the MCP groups are correctly configured and unpaused to initiate the worker node upgrades.
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_813
+  tag: cluster-updates-pdb
+  turns:
+  - turn_id: turn_001
+    query: 'My node upgrade seems stuck - it''s been draining for over an hour. What could be wrong?
+
+      '
+    expected_response: 'The prolonged draining of your node could be due to several common issues:
+
+
+      1. **PodDisruptionBudget (PDB):** The pod may have a PDB that prevents it from being deleted during the drain process.
+
+
+      2. **Attached Storage:** If the pod has storage attached, the kubelet might be unable to unmount it.
+
+
+      3. **Webhooks:** There could be a webhook configured for UPDATE operations that is not being called by the kube-apiserver.
+
+
+      4. **Finalizers:** The pod may have finalizers set that are preventing it from terminating.
+
+
+      To diagnose the issue, check the logs of the Machine Config Controller (MCC) for specific error messages regarding which pods are failing to drain. This will help you identify the root cause.'
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_814
+  tag: cluster-updates-eus
+  turns:
+  - turn_id: turn_001
+    query: 'Can I upgrade directly from OpenShift 4.14.12 to 4.16.3?
+
+      '
+    expected_response: No, you cannot upgrade directly from OpenShift 4.14.12 to 4.16.3. Upgrades must occur between minor versions, and you need to upgrade to the next minor version first (4.15) before proceeding to 4.16.
+    turn_metrics:
+    - custom:answer_correctness
+- conversation_group_id: conv_815
+  tag: cluster-updates-conditions
+  turns:
+  - turn_id: turn_001
+    query: "I see my ClusterVersion has these conditions:\n\n- type: Available\n  status: \"True\"\n- type: Failing\n  status: \"False\"\n- type: Progressing\n  status: \"False\"\n- type: Upgradeable\n  status: \"True\"\n\nIs my cluster healthy and ready for upgrade?\n"
+    expected_response: 'Your cluster appears to be healthy based on the conditions you''ve provided:
+
+
+      - **Available: True** indicates that the cluster is operational and can serve workloads.
+
+      - **Failing: False** means the cluster is not in a failing state, which is good.
+
+      - **Progressing: False** suggests that there are no ongoing updates or changes that could affect stability.
+
+      - **Upgradeable: True** indicates that the cluster is safe to update.
+
+
+      Overall, your cluster is healthy and ready for an upgrade.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:condition_status_accuracy
+- conversation_group_id: conv_816
+  tag: cluster-updates-conditions
+  turns:
+  - turn_id: turn_001
+    query: "I'm checking my cluster operators before upgrading. The authentication operator shows:\n\nConditions:\n- type: Available\n  status: \"True\"\n- type: Progressing\n  status: \"False\"\n- type: Degraded\n  status: \"False\"\n- type: Upgradeable\n  status: \"True\"\n\nCan I proceed with the cluster upgrade, or is this operator blocking it?\n"
+    expected_response: 'You can proceed with the cluster upgrade. The authentication operator is in a good state with the following conditions:
+
+
+      - Available: True
+
+      - Progressing: False
+
+      - Degraded: False
+
+      - Upgradeable: True
+
+
+      Since the Upgradeable status is True, it indicates that the operator is safe to update, and there are no blocking issues.'
+    turn_metrics:
+    - custom:answer_correctness
+    - geval:condition_status_accuracy
diff --git a/eval/system_cluster_updates.yaml b/eval/system_cluster_updates.yaml
new file mode 100644
index 000000000..af5579319
--- /dev/null
+++ b/eval/system_cluster_updates.yaml
@@ -0,0 +1,237 @@
+# LightSpeed Evaluation Framework Configuration - CLUSTER-UPDATES OPTIMIZED
+# This configuration is specifically tuned for cluster-updates evaluation tests (conv_798-814)
+
+# LLM Configuration
+llm:
+  provider: "openai"          # Judge LLM Provider (openai, gemini etc..)
+  model: "gpt-4o-mini"        # Model name for the provider
+  temperature: 0.0            # Generation temperature
+  max_tokens: 2048            # Maximum tokens in response (increased for detailed cluster analysis)
+  timeout: 300                # Request timeout in seconds
+  num_retries: 3              # Retry attempts
+
+# API Configuration
+# Only query endpoint is supported
+api:
+  enabled: true                        # Enable API calls instead of using pre-filled data
+  api_base: http://localhost:8080      # Base API URL
+  endpoint_type: query                 # Use "streaming" or "query" endpoint
+  timeout: 300                         # API request timeout in seconds
+
+  # API input configuration
+  provider: "openai"                   # LLM provider for queries (matches judge provider)
+  model: "gpt-4o-mini"                 # Model to use for queries
+  no_tools: null                       # Whether to bypass tools and MCP servers (optional)
+  system_prompt: null                  # System prompt (default None)
+
+  # Authentication via API_KEY environment variable only for MCP server
+
+# Metrics metadata - Optimized for cluster-updates evaluation
+metrics_metadata:
+  # Turn-level metrics metadata
+  turn_level:
+    # Standard custom metric (always enabled)
+    "custom:answer_correctness":
+      threshold: 0.7
+      description: "Correctness vs expected answer using custom LLM evaluation"
+      default: true  # This metric is applied by default when no turn_metrics specified
+
+    # Cluster-updates specific metrics (using GEval for custom criteria)
+    "geval:condition_status_accuracy":
+      threshold: 0.99
+      description: "Validates correct Kubernetes condition status interpretation"
+      default: false  # Enable explicitly in test metrics
+      criteria: |
+        Evaluate whether the response correctly interprets Kubernetes condition status fields.
+
+        CRITICAL REQUIREMENT: The response MUST understand that a condition's status field determines its meaning:
+        - Failing status=False → Cluster is NOT failing (healthy)
+        - Failing status=True → Cluster IS failing (problem)
+        - Available status=True → Component IS available (healthy)
+        - Available status=False → Component NOT available (problem)
+        - Progressing status=True → Update/reconciliation in progress
+        - Progressing status=False → Stable state
+
+        Score 1.0 if ALL condition interpretations are correct.
+        Score 0.0 if ANY condition is misinterpreted (e.g., treating "Failing=False" as a problem).
+      evaluation_params: [response, expected_response]
+
+    "geval:output_format_compliance":
+      threshold: 0.80
+      description: "Validates cluster-updates response format (Summary + TL;DR)"
+      default: false  # Enable explicitly in test metrics
+      criteria: |
+        Evaluate whether the response follows the required output format for cluster updates analysis:
+
+        REQUIRED SECTIONS:
+        1. ## Summary - Detailed analysis section
+        2. ## TL;DR - Quick facts section
+
+        REQUIRED FORMAT PATTERNS:
+        - Operator counts: Must use format "X of Y operators" (exact counts, not vague language)
+        - Version numbers: Must include actual version strings
+        - Status fields: Must quote actual Kubernetes status field values
+
+        Score 1.0 if both sections present with required format patterns.
+        Score 0.7 if sections present but format patterns not exact.
+        Score 0.3 if only one section present.
+        Score 0.0 if neither section present.
+      evaluation_params: [response]
+
+    "geval:technical_accuracy":
+      threshold: 0.80
+      description: "Validates OpenShift/Kubernetes domain technical correctness"
+      default: false  # Enable explicitly in test metrics
+      criteria: |
+        Evaluate the technical accuracy of OpenShift/Kubernetes concepts:
+
+        CHECK FOR:
+        - Correct ClusterVersion/ClusterOperator interpretation
+        - Accurate upgrade blocker identification
+        - Proper admin-ack gate handling
+        - Correct conditional update risk assessment
+        - Accurate node and MachineConfigPool status interpretation
+
+        Score 1.0 if all technical concepts are correct.
+        Score 0.7 if minor inaccuracies that don't affect main conclusion.
+        Score 0.3 if significant technical errors.
+        Score 0.0 if fundamentally wrong about core concepts.
+      evaluation_params: [query, response, expected_response]
+
+    "geval:actionable_guidance":
+      threshold: 0.7
+      description: "Validates response provides specific, actionable guidance"
+      default: false  # Enable explicitly in test metrics
+      criteria: |
+        Evaluate whether the response provides actionable guidance:
+
+        GOOD GUIDANCE:
+        - Specific remediation steps (not vague suggestions)
+        - Exact commands when needed (e.g., "oc patch clusterversion...")
+        - Conservative recommendations (investigate before aggressive actions)
+        - Links actual errors to root causes
+
+        BAD GUIDANCE:
+        - Generic advice ("check logs", "contact support")
+        - Vague recommendations ("some operators may need attention")
+        - Aggressive actions without investigation
+        - No clear next steps
+
+        Score 1.0 if guidance is specific and actionable.
+        Score 0.6 if somewhat helpful but could be more specific.
+        Score 0.2 if mostly generic advice.
+        Score 0.0 if no actionable guidance provided.
+      evaluation_params: [query, response]
+
+    # Other metrics available but not used by default
+    "ragas:response_relevancy":
+      threshold: 0.7
+      description: "How relevant the response is to the question"
+      default: false
+
+    "ragas:faithfulness":
+      threshold: 0.7
+      description: "How faithful the response is to the provided context"
+      default: false
+
+    "ragas:context_recall":
+      threshold: 0.7
+      description: "Did we fetch every fact the answer needs?"
+      default: false
+
+    "ragas:context_precision_with_reference":
+      threshold: 0.7
+      description: "How precise the retrieved context is (with reference)"
+      default: false
+
+    "ragas:context_precision_without_reference":
+      threshold: 0.7
+      description: "How precise the retrieved context is (without reference)"
+      default: false
+
+    "ragas:context_relevance":
+      threshold: 0.7
+      description: "Is what we retrieved actually relevant to user query?"
+      default: false
+
+    "custom:tool_eval":
+      description: "Tool call evaluation comparing expected vs actual tool calls"
+      default: false
+
+  # Conversation-level metrics metadata
+  conversation_level:
+    "deepeval:conversation_completeness":
+      threshold: 0.7
+      description: "How completely the conversation addresses user intentions"
+      default: false
+
+    "deepeval:conversation_relevancy":
+      threshold: 0.7
+      description: "How relevant the conversation is to the topic/context"
+      default: false
+
+    "deepeval:knowledge_retention":
+      threshold: 0.7
+      description: "How well the model retains information from previous turns"
+      default: false
+
+# Output Configuration
+output:
+  output_dir: "./results"  # Output to results/ for cluster-updates tests
+  base_filename: "evaluation"
+  enabled_outputs:          # Enable specific output types
+    - csv                   # Detailed results CSV
+    - json                  # Summary JSON with statistics
+    # - txt                   # Human-readable summary
+
+  # CSV columns to include
+  csv_columns:
+    - "conversation_group_id"
+    - "turn_id"
+    - "metric_identifier"
+    - "score"
+    - "threshold"
+    - "result"
+    - "reason"
+    - "query"
+    - "response"
+    - "execution_time"
+
+# Visualization settings
+visualization:
+  figsize: [12, 8]            # Graph size (width, height)
+  dpi: 300                    # Image resolution
+
+  # Graph types to generate
+  enabled_graphs:
+    - "score_distribution"    # Score distribution box plot
+    - "status_breakdown"      # Pie chart for pass/fail/error breakdown
+
+# Environment Variables - Automatically get set before any imports
+environment:
+  DEEPEVAL_TELEMETRY_OPT_OUT: "YES"        # Disable DeepEval telemetry
+  DEEPEVAL_DISABLE_PROGRESS_BAR: "YES"     # Disable DeepEval progress bars
+
+  LITELLM_LOG: ERROR                       # Suppress LiteLLM verbose logging
+
+# Logging Configuration
+logging:
+  # Source code logging level
+  source_level: INFO          # DEBUG, INFO, WARNING, ERROR, CRITICAL
+
+  # Package logging level (imported libraries)
+  package_level: ERROR
+
+  # Log format and display options
+  log_format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"
+  show_timestamps: true
+
+  # Specific package log levels (override package_level for specific libraries)
+  package_overrides:
+    httpx: ERROR
+    urllib3: ERROR
+    requests: ERROR
+    matplotlib: ERROR
+    LiteLLM: WARNING
+    DeepEval: WARNING
+    ragas: WARNING
diff --git a/tests/e2e/evaluation/test_cluster_updates.py b/tests/e2e/evaluation/test_cluster_updates.py
new file mode 100644
index 000000000..8efc9f5f8
--- /dev/null
+++ b/tests/e2e/evaluation/test_cluster_updates.py
@@ -0,0 +1,131 @@
+"""Cluster-updates evaluation tests using OpenAI GPT-4o-mini and GPT-4.1-mini judge."""
+
+import json
+import os
+import shutil
+import subprocess
+import tempfile
+from pathlib import Path
+
+import pytest
+import yaml
+
+PROJECT_ROOT = Path(__file__).parent.parent.parent.parent
+EVAL_DIR = PROJECT_ROOT / "eval"
+LSEVAL_BIN = PROJECT_ROOT / ".venv" / "bin" / "lightspeed-eval"
+SYSTEM_CONFIG = EVAL_DIR / "system_cluster_updates.yaml"
+EVAL_DATA = EVAL_DIR / "eval_data_cluster_updates.yaml"
+
+
+def _ensure_lseval_installed() -> None:
+    """Install the lightspeed-evaluation package via uv if absent.
+
+    Uses the version pinned in pyproject.toml under [project.optional-dependencies].lseval,
+    ensuring a specific (tested) release rather than HEAD.
+    """
+    if LSEVAL_BIN.exists():
+        return
+
+    uv_path = shutil.which("uv")
+    if not uv_path:
+        raise FileNotFoundError("uv command not found in PATH")
+
+    subprocess.run(  # noqa: S603
+        [uv_path, "sync", "--extra", "lseval"],
+        check=True,
+        cwd=str(PROJECT_ROOT),
+    )
+
+
+def _resolve_ols_url() -> str:
+    """Return the OLS base URL, preferring the live pytest client over env var."""
+    client = getattr(pytest, "ols_url", None)
+    if client:
+        return client.rstrip("/")
+    return os.getenv("OLS_URL", "http://localhost:8080").rstrip("/")
+
+
+def _get_ols_token() -> str:
+    """Extract the bearer token from the pytest HTTP client if available."""
+    client = getattr(pytest, "client", None)
+    if client is None:
+        return ""
+    auth_header: str = client.headers.get("Authorization", "")
+    return auth_header.removeprefix("Bearer ").strip()
+
+
+def _run_lseval(eval_data: Path, out_dir: Path) -> None:
+    """Run lightspeed-eval with the given data file and assert artefacts are produced."""
+    _ensure_lseval_installed()
+    out_dir.mkdir(parents=True, exist_ok=True)
+
+    ols_url = _resolve_ols_url()
+
+    with open(SYSTEM_CONFIG, encoding="utf-8") as fh:
+        config = yaml.safe_load(fh)
+
+    config["api"]["api_base"] = ols_url
+
+    with tempfile.NamedTemporaryFile(
+        mode="w", suffix=".yaml", delete=False, dir=str(EVAL_DIR)
+    ) as tmp:
+        yaml.dump(config, tmp)
+        tmp_config_path = tmp.name
+
+    env = os.environ.copy()
+
+    token = _get_ols_token()
+    if token:
+        env["API_KEY"] = token
+
+    try:
+        result = subprocess.run(  # noqa: S603
+            [
+                str(LSEVAL_BIN),
+                "--system-config",
+                tmp_config_path,
+                "--eval-data",
+                str(eval_data),
+                "--output-dir",
+                str(out_dir),
+            ],
+            capture_output=True,
+            text=True,
+            env=env,
+            check=False,
+        )
+    finally:
+        os.unlink(tmp_config_path)
+
+    print("--- lightspeed-eval stdout ---")
+    print(result.stdout)
+    if result.stderr:
+        print("--- lightspeed-eval stderr ---")
+        print(result.stderr)
+
+    assert result.returncode == 0, (
+        f"lightspeed-eval exited with code {result.returncode}.\n"
+        f"stderr:\n{result.stderr}"
+    )
+
+    csv_files = list(out_dir.glob("*_detailed.csv"))
+    assert csv_files, f"No detailed CSV artefacts found in {out_dir}"
+
+    json_files = list(out_dir.glob("*_summary.json"))
+    assert json_files, f"No summary JSON artefacts found in {out_dir}"
+
+    with open(json_files[0], encoding="utf-8") as fh:
+        overall = json.load(fh)["summary_stats"]["overall"]
+    assert overall["ERROR"] == 0, (
+        f"{overall['ERROR']}/{overall['TOTAL']} evaluations errored "
+        f"(error_rate={overall['error_rate']:.1f}%)."
+    )
+
+
+@pytest.mark.cluster_updates
+def test_cluster_updates(request: pytest.FixtureRequest) -> None:
+    """Run cluster-updates eval suite (18 conversations, 35 evaluations) with GPT-4o-mini and GPT-4.1-mini judge."""
+    out_dir_base = request.config.option.eval_out_dir or str(
+        EVAL_DIR / "results-cluster-updates"
+    )
+    _run_lseval(EVAL_DATA, Path(out_dir_base) / "cluster-updates")
diff --git a/tests/scripts/test-cluster-updates.sh b/tests/scripts/test-cluster-updates.sh
new file mode 100755
index 000000000..b754b3d5c
--- /dev/null
+++ b/tests/scripts/test-cluster-updates.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+# CI job: run cluster-updates eval (18 conversations, 35 evaluations) against OLS using OpenAI GPT-4o-mini + GPT-4.1-mini judge.
+#
+# Input environment variables:
+#   OPENAI_PROVIDER_KEY_PATH  - path to file containing the OpenAI API key
+#   OLS_IMAGE                 - pullspec for the OLS container image to deploy
+#
+# Script flow:
+#   1. Install OLS dependencies
+#   2. Install operator-sdk
+#   3. Deploy OLS on the cluster (openai_cluster_updates config via run_suite)
+#   4. Run the cluster-updates pytest test (make test-cluster-updates)
+#   5. Collect artefacts and clean up
+
+set -eou pipefail
+
+make install-deps && make install-deps-test
+
+DIR="${BASH_SOURCE%/*}"
+if [[ ! -d "$DIR" ]]; then DIR="$PWD"; fi
+. "$DIR/utils.sh"
+
+# Install operator-sdk
+export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
+export OS=$(uname | awk '{print tolower($0)}')
+export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.36.1
+curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
+mkdir -p $HOME/.local/bin
+chmod +x operator-sdk_${OS}_${ARCH} && mv operator-sdk_${OS}_${ARCH} $HOME/.local/bin/operator-sdk
+export PATH=$HOME/.local/bin:$PATH
+operator-sdk version
+
+# Export OpenAI key so the judge LLM can authenticate
+export OPENAI_API_KEY=$(cat "$OPENAI_PROVIDER_KEY_PATH")
+
+function run_suites() {
+  local rc=0
+
+  set +e
+  # Deploy OLS with OpenAI GPT-4o-mini and run cluster-updates evaluation (18 conversations, 35 evaluations).
+  # run_suite arguments: suiteid test_tags provider provider_keypath model ols_image ols_config_suffix
+  # OLS_CONFIG_SUFFIX="cluster_updates" → ols_installer builds: olsconfig.crd.openai_cluster_updates.yaml
+  run_suite "cluster_updates" "cluster_updates" "openai" "$OPENAI_PROVIDER_KEY_PATH" "gpt-4o-mini" "$OLS_IMAGE" "cluster_updates"
+  (( rc = rc || $? ))
+  set -e
+
+  cleanup_ols_operator
+
+  return $rc
+}
+
+function finish() {
+  if [ "${LOCAL_MODE:-0}" -eq 1 ]; then
+    rm -rf "$ARTIFACT_DIR"
+  fi
+}
+trap finish EXIT
+
+# ARTIFACT_DIR is set automatically in Prow; fall back to a temp dir locally
+if [ -z "${ARTIFACT_DIR:-}" ]; then
+  export ARTIFACT_DIR=$(mktemp -d)
+  readonly LOCAL_MODE=1
+fi
+
+run_suites