debug-rbac

Diagnose OpenShift RBAC permission failures that cause workloads to fail with 403 Forbidden errors when accessing the Kubernetes API. Automates multi-step diagnosis: pod logs for FORBIDDEN errors, readiness probe failures, ServiceAccount identification, RoleBinding/ClusterRoleBinding analysis, and remediation history for regression detection. Use when: - "403 forbidden when accessing Kubernetes API" - "ServiceAccount permission denied" - "pods can't list resources" - "missing RoleBinding" - User mentions "RBAC denied", "403 forbidden", "permission denied" NOT for SCC admission failures (use /debug-scc instead).