pkg/readiness: Add readiness checks and wire into proposal controller

Add pkg/readiness package with 9 cluster readiness checks that gather
pre-upgrade health data: cluster conditions, operator health, API
deprecations, node capacity, PDB drain blockers, etcd health, network
config, CRD compatibility, and OLM operator lifecycle.

Wire readiness.RunAll() into the proposal controller, replacing the
hardcoded readinessJSON placeholder with real per-target readiness data
that gets embedded in each proposal's request body.

Plumb dynamic.Interface from pkg/start through cvo.New() to the proposal
controller to support the readiness checks' cluster queries.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: harche

.openshift-tests-extension/openshift_payload_cluster-version-operator.json

@@ -110,5 +110,95 @@
     "source": "openshift:payload:cluster-version-operator",
     "lifecycle": "informing",
     "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should run all checks without errors",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should produce valid JSON that round-trips",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report node count matching the actual cluster",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report operator count matching actual ClusterOperators",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report etcd member count matching actual etcd pods",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report network type matching actual Network config",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report PDB count matching actual PodDisruptionBudgets",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should report cluster conditions matching ClusterVersion status",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
+  },
+  {
+    "name": "[Jira:\"Cluster Version Operator\"] cluster-version-operator readiness checks should complete all checks within 60 seconds",
+    "labels": {},
+    "resources": {
+      "isolation": {}
+    },
+    "source": "openshift:payload:cluster-version-operator",
+    "lifecycle": "blocking",
+    "environmentSelector": {}
   }
 ]

install/0000_00_cluster-version-operator_30_deployment.yaml

@@ -77,6 +77,8 @@ spec:
               fieldPath: spec.nodeName
         - name: CLUSTER_PROFILE
           value: '{{ .ClusterProfile }}'
+        - name: LIGHTSPEED_SKILLS_IMAGE
+          value: "quay.io/openshift/ci:ocp_5.0_agentic-skills"
       # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
       # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
       dnsPolicy: Default

pkg/cvo/availableupdates_test.go

@@ -208,7 +208,7 @@ func newOperator(url string, cluster release, promqlMock clusterconditions.Condi
 		func() ([]configv1.Release, []configv1.ConditionalUpdate, error) {
 			return nil, nil, nil
 		},
-		fake.NewClientBuilder().Build(), func(_ string) (*configv1.ClusterVersion, error) {
+		fake.NewClientBuilder().Build(), nil, func(_ string) (*configv1.ClusterVersion, error) {
 			return &configv1.ClusterVersion{}, nil
 		},
 		func(_ context.Context, namespace, name string, _ metav1.GetOptions) (*corev1.ConfigMap, error) {

pkg/cvo/cvo.go

@@ -17,6 +17,7 @@ import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/dynamic"
 	informerscorev1 "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/kubernetes/scheme"
@@ -109,6 +110,7 @@ type Operator struct {
 
 	client         clientset.Interface
 	kubeClient     kubernetes.Interface
+	dynamicClient  dynamic.Interface
 	operatorClient operatorclientset.Interface
 	eventRecorder  record.EventRecorder
 
@@ -235,6 +237,7 @@ func New(
 	featureGateInformer configinformersv1.FeatureGateInformer,
 	client clientset.Interface,
 	kubeClient kubernetes.Interface,
+	dynamicClient dynamic.Interface,
 	operatorClient operatorclientset.Interface,
 	exclude string,
 	clusterProfile string,
@@ -267,6 +270,7 @@ func New(
 
 		client:                client,
 		kubeClient:            kubeClient,
+		dynamicClient:         dynamicClient,
 		operatorClient:        operatorClient,
 		eventRecorder:         eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: namespace}),
 		queue:                 workqueue.NewTypedRateLimitingQueueWithConfig(workqueue.DefaultTypedControllerRateLimiter[any](), workqueue.TypedRateLimitingQueueConfig[any]{Name: "clusterversion"}),
@@ -354,6 +358,7 @@ func New(
 			return availableUpdates.Updates, availableUpdates.ConditionalUpdates, nil
 		},
 		rtClient,
+		dynamicClient,
 		cvInformer.Lister().Get,
 		func(ctx context.Context, namespace, name string, opts metav1.GetOptions) (*corev1.ConfigMap, error) {
 			return kubeClient.CoreV1().ConfigMaps(namespace).Get(ctx, name, opts)

pkg/cvo/cvo_test.go

@@ -2756,7 +2756,7 @@ func TestOperator_availableUpdatesSync(t *testing.T) {
 			ctx := context.Background()
 			optr.proposalController = proposal.NewController(func() ([]configv1.Release, []configv1.ConditionalUpdate, error) {
 				return nil, nil, nil
-			}, ctrlruntimefake.NewClientBuilder().Build(), func(_ string) (*configv1.ClusterVersion, error) {
+			}, ctrlruntimefake.NewClientBuilder().Build(), nil, func(_ string) (*configv1.ClusterVersion, error) {
 				return &configv1.ClusterVersion{}, nil
 			}, func(_ context.Context, namespace, name string, _ metav1.GetOptions) (*corev1.ConfigMap, error) {
 				return &corev1.ConfigMap{}, nil

pkg/payload/testdata/TestRenderManifest_expected_cvo_deployment.yaml

@@ -77,6 +77,8 @@ spec:
               fieldPath: spec.nodeName
         - name: CLUSTER_PROFILE
           value: 'some-profile'
+        - name: LIGHTSPEED_SKILLS_IMAGE
+          value: "quay.io/openshift/ci:ocp_5.0_agentic-skills"
       # this pod is hostNetwork and uses the internal LB DNS name when possible, which the kubelet also uses.
       # this dnsPolicy allows us to use the same dnsConfig as the kubelet, without access to read it ourselves.
       dnsPolicy: Default

pkg/proposal/analysis_schema.json

@@ -0,0 +1,105 @@
+{
+  "type": "object",
+  "required": ["analysisData"],
+  "properties": {
+    "analysisData": {
+      "type": "array",
+      "description": "Typed components describing upgrade readiness. Must include exactly one ota_readiness_summary. Include one ota_finding per blocker or warning. Include one ota_olm_operator_status if OLM operators are present.",
+      "minItems": 1,
+      "items": {
+        "oneOf": [
+          {
+            "type": "object",
+            "description": "Overall upgrade readiness summary with per-check results.",
+            "properties": {
+              "type": { "type": "string", "const": "ota_readiness_summary" },
+              "decision": {
+                "type": "string",
+                "enum": ["recommend", "caution", "block", "escalate"],
+                "description": "recommend=all clear, caution=warnings only, block=blockers found, escalate=insufficient data"
+              },
+              "checks": {
+                "type": "array",
+                "description": "One entry per readiness check from the input JSON.",
+                "items": {
+                  "type": "object",
+                  "properties": {
+                    "name": { "type": "string", "description": "Check name, e.g. Cluster Conditions, Operator Health" },
+                    "status": { "type": "string", "enum": ["pass", "warn", "fail", "error"] },
+                    "detail": { "type": "string", "description": "One-line summary" }
+                  },
+                  "required": ["name", "status"]
+                }
+              }
+            },
+            "required": ["type", "decision", "checks"]
+          },
+          {
+            "type": "object",
+            "description": "A specific blocker, warning, or informational finding.",
+            "properties": {
+              "type": { "type": "string", "const": "ota_finding" },
+              "severity": { "type": "string", "enum": ["blocker", "warning", "info"] },
+              "check": { "type": "string", "description": "Which readiness check surfaced this" },
+              "detail": { "type": "string", "description": "Description for a cluster administrator" },
+              "affectedResources": { "type": "array", "items": { "type": "string" } },
+              "prerequisite": { "type": "string", "description": "Action to resolve before upgrading" },
+              "verifyCommand": { "type": "string", "description": "Command to verify the finding is resolved" }
+            },
+            "required": ["type", "severity", "check", "detail"]
+          },
+          {
+            "type": "object",
+            "description": "Per-operator OLM lifecycle status.",
+            "properties": {
+              "type": { "type": "string", "const": "ota_olm_operator_status" },
+              "operators": {
+                "type": "array",
+                "items": {
+                  "type": "object",
+                  "properties": {
+                    "name": { "type": "string" },
+                    "namespace": { "type": "string" },
+                    "displayName": { "type": "string" },
+                    "installedVersion": { "type": "string" },
+                    "channel": { "type": "string" },
+                    "source": { "type": "string" },
+                    "installPlanApproval": { "type": "string", "enum": ["Automatic", "Manual"] },
+                    "pendingUpgrade": { "type": "boolean" },
+                    "pendingVersion": { "type": "string" },
+                    "compatibleWithTarget": { "type": "boolean" },
+                    "availableChannels": { "type": "array", "items": { "type": "string" } },
+                    "ocpCompat": {
+                      "type": "object",
+                      "properties": { "min": { "type": "string" }, "max": { "type": "string" } }
+                    },
+                    "lifecycle": {
+                      "type": "object",
+                      "properties": {
+                        "productName": { "type": "string" },
+                        "supportPhase": { "type": "string", "enum": ["Full Support", "Maintenance Support", "End of life"] },
+                        "ocpVersions": { "type": "string" },
+                        "maintenanceEnds": { "type": "string" }
+                      }
+                    }
+                  },
+                  "required": ["name", "namespace"]
+                }
+              },
+              "summary": {
+                "type": "object",
+                "properties": {
+                  "totalOperators": { "type": "integer" },
+                  "pendingUpgrades": { "type": "integer" },
+                  "manualApproval": { "type": "integer" },
+                  "incompatibleWithTarget": { "type": "integer" }
+                }
+              }
+            },
+            "required": ["type", "operators", "summary"]
+          }
+        ]
+      }
+    }
+  }
+}