I get the same behavior on the following CBV builds:
v4.11.0-309
v4.11.0-310
v4.11.0-313

bundle v4.11.0-314 correctly passed the smoke test and bundle v4.11.0-315 is also correctly deployable

We are hitting this issue both with 4.10.0->4.10.1 upgrade and fresh 4.11 install. 

==================
[cnv-qe-jenkins@verify411-8f8hz-executor ~]$ kubectl get csv -n openshift-cnv kubevirt-hyperconverged-operator.v4.11.0 -o json | jq ".spec.relatedImages" | grep ssp
    "image": "registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator@sha256:9c2c478ed7ae920d4e7ea351bb393bccd77d68c3f355e7786952add9ce958c5b",
    "name": "registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator:v4.11.0-29"
    "image": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:6578cc878df9c7339cc8207ae8cbe185361b1fcc8ed69da7ec0346bb94d4a588",
    "name": "registry.redhat.io/openshift4/ose-csi-livenessprobe:v4.10"
[cnv-qe-jenkins@verify411-8f8hz-executor ~]$

====================
[cnv-qe-jenkins@verify411-8f8hz-executor ~]$ kubectl get ssp ssp-kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status"
{
  "conditions": [
    {
      "lastHeartbeatTime": "2022-05-09T13:39:02Z",
      "lastTransitionTime": "2022-05-09T13:39:02Z",
      "message": "Reconciling SSP resources",
      "reason": "Available",
      "status": "False",
      "type": "Available"
    },
    {
      "lastHeartbeatTime": "2022-05-09T13:39:02Z",
      "lastTransitionTime": "2022-05-09T13:39:02Z",
      "message": "Reconciling SSP resources",
      "reason": "Progressing",
      "status": "True",
      "type": "Progressing"
    },
    {
      "lastHeartbeatTime": "2022-05-09T13:39:02Z",
      "lastTransitionTime": "2022-05-09T13:39:02Z",
      "message": "Reconciling SSP resources",
      "reason": "Degraded",
      "status": "True",
      "type": "Degraded"
    }
  ],
  "observedGeneration": 1,
  "observedVersion": "4.11.0",
  "operatorVersion": "4.11.0",
  "phase": "Deploying",
  "targetVersion": "4.11.0"
}
[cnv-qe-jenkins@verify411-8f8hz-executor ~]$ 

HCO.status.versions shows
========================
 "versions": [
    {
      "name": "operator",
      "version": "4.11.0"
    }
  ]
========================

It is not very clear on what is causing this.

Will attach ssp and hco log.

{"level":"info","ts":1652102943.1696093,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652102947.14979,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652102950.0840895,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652102950.3263416,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
...
{"level":"info","ts":1652103640.047834,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103642.159796,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103642.3250394,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103644.900461,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103645.1145089,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103647.6483648,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652103647.7232087,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}

SSP is definitively hot-looping here but the logs are not that explicative.

@dholler can you please take a look?

I have tried enabling debug logging for SSP using steps:

- Scale HCO deployment to 0, so it does not reconcile SSP
- Modify SSP deployment by adding command line parameter "--zap-log-level debug"

But after SSP restarted, it was not looping anymore.

Then I tried scaling HCO back to 1, which reverted SSP to its original definition, but it is still not looping.


I will create a PR to add the reason for reconciliation into SSP log.

Hello, just updating that I can see this "unable to create ClusterRole" issue again on CNV-v4.11.0-331.
So far, I didn't see this issue on later builds (332, 333).

Hey,
Updating that I didn't see this issue for a while.

Can I close this bug?

Hello again,
I'm seeing something similar:

SSP state is looping between Deploying and Deployed states for a long time until the reconciliation eventually completed.

some logs from the ssp-operator log:

{"level":"info","ts":1652957658.8573565,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957658.8573945,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957659.195631,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-stream8-image-cron"}
{"level":"info","ts":1652957659.1956854,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-stream8-image-cron"}
{"level":"info","ts":1652957659.3559809,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/rhel8-image-cron"}
{"level":"info","ts":1652957659.3560662,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/rhel8-image-cron"}
{"level":"info","ts":1652957659.719083,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957659.7191408,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957660.2953465,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957660.2954412,"logger":"controllers.SSP","msg":"Reconciliation event received","ssp":{"namespace":"openshift-cnv","name":"ssp-kubevirt-hyperconverged"},"cause_type":"DataImportCron","cause_object":"openshift-virtualization-os-images/centos-7-image-cron"}
{"level":"info","ts":1652957661.2083428,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957661.2084458,"logger":"controllers.SSP","msg":"Starting reconciliation","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957661.3715484,"logger":"controllers.SSP","msg":"Reconciling operands...","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}


And it loops like that, for example:
[cnv-qe-jenkins@verify-411-hx422-executor mocohen]$ oc logs -n openshift-cnv ssp-operator-bb9c945f8-5hxvr  | grep "CR status updated"
{"level":"info","ts":1652956654.7442966,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956659.1829374,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956662.8284736,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956666.4708722,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956670.1044624,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956673.72668,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956676.98464,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652956681.7213516,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
.....
{"level":"info","ts":1652957639.081216,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957642.684177,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957645.4238188,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957648.6668222,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957652.0845282,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957654.97079,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957658.388607,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957661.2083428,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}
{"level":"info","ts":1652957665.176946,"logger":"controllers.SSP","msg":"CR status updated","ssp":"openshift-cnv/ssp-kubevirt-hyperconverged"}

Until it stops.

Build v4.11.0-373

Same with CNV build 4.11.0-380.

Hey,
Since kubevirt/ssp-operator/pull/361 has been merged, I don't see this issue anymore. I will update here if it comes up again for some reason.

Thanks for everyone.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.11.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6526