DOC-1353 Add troubleshooting for mismatched RBAC settings (#1129)

JakeSCahill · Feediver1 · web-flow · commit 9f3d6c189e61 · 2025-05-19T09:03:29.000+01:00
Co-authored-by: Joyce Fee &lt;102751339+Feediver1@users.noreply.github.com&gt;
diff --git a/modules/troubleshoot/partials/errors-and-solutions.adoc b/modules/troubleshoot/partials/errors-and-solutions.adoc
@@ -305,6 +305,19 @@ helm repo update
 
 //end::deployment-name-exists[]
 
+//tag::deployment-forbidden-debug-bundle[]
+=== redpanda-rpk-debug-bundle is forbidden
+
+If you see this error, your Redpanda Operator's RBAC settings are out of sync with the Pod-level RBAC in the Redpanda resource:
+
+[.no-copy]
+----
+… forbidden: user "…-operator" … attempting to grant RBAC permissions not currently held …
+----
+
+To fix this error, make sure you haven't disabled xref:reference:k-operator-helm-spec.adoc#rbac-createrpkbundlecrs[`rbac.createRPKBundleCRs`] in the Redpanda Operator chart while still leaving xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rbac[`spec.clusterSpec.rbac.rpkDebugBundle`] enabled in your Redpanda resource. Either enable both or disable both.
+//end::deployment-forbidden-debug-bundle[]
+
 //tag::deployment-data-dir-not-writable[]
 === Fatal error during checker "Data directory is writable" execution
 
