replicatedhq · AmberAlston · May 22, 2026 · May 22, 2026 · May 22, 2026 · github-actions
@@ -34,6 +34,10 @@ To configure your application to use the proxy registry with Helm CLI installati
 
 1. <RewriteHelmValues/>
 
+   :::note
+   Bitnami charts may display the error "Original containers have been substituted for unrecognized ones" when images are pulled from the Replicated proxy registry instead of the default Bitnami registry. To resolve this, set `global.security.allowInsecureImages=true` in your Helm values. Despite the name, this flag permits images from non-Bitnami registries. Your images are still pulled over HTTPS with authentication.
+   :::
+
 1. <Helper/>
 
 1. <UseHelper/>

@@ -51,6 +51,24 @@ To add the default support bundle spec to a release for your application:
 
 1. Add the chart archive to a new release. Promote the release to an internal development channel, and install the release in a development environment to test your changes.
 
+## RBAC requirements for exec collectors {#exec-rbac}
+
+The Replicated SDK includes a built-in support bundle spec that uses `exec` collectors to call internal SDK API endpoints (such as `/api/v1/app/info` and `/api/v1/license/info`). These collectors retrieve application and license information that appears as `app-info.json` and `license.yaml` in the generated bundle.
+
+For these `exec` collectors to work, the service account running the support bundle must have `pods/exec` with the `create` verb in its RBAC Role or ClusterRole. For example:
+
+```yaml
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create"]
+```
+
+Without this permission, the `exec` collectors fail silently. The support bundle is still generated and can be uploaded to the Vendor Portal, but `app-info.json` and `license.yaml` will be missing. The Vendor Portal displays warnings such as "No app-info file found" and "No license file found" when these files are absent.
+
+:::note
+KOTS installations include `pods/exec` permissions in the default kotsadm Role. For Helm CLI installations, you must ensure the service account used to run `kubectl support-bundle` has this permission.
+:::
+
 ## (Recommended) Customize the default support bundle spec {#customize-the-spec}
 
 You can customize the support bundle spec by:

@@ -23,4 +23,28 @@ Run the following command:
 
 ```bash
 kubectl support-bundle https://raw.githubusercontent.com/replicatedhq/troubleshoot-specs/main/in-cluster/default.yaml
-```
+```
+
+## Troubleshoot
+
+### Support bundle is missing app-info or license data
+
+#### Symptom
+
+After uploading a support bundle to the Vendor Portal, you see warnings: "No app-info file found" or "No license file found."
+
+#### Cause
+
+The Replicated SDK's built-in support bundle spec uses `exec` collectors to retrieve application and license information from the SDK pod. If the service account running the support bundle does not have `pods/exec` permissions with the `create` verb, these collectors fail silently and the data is not included in the bundle.
+
+#### Solution
+
+Add `pods/exec` permissions to the RBAC Role or ClusterRole for the service account running the support bundle:
+
+```yaml
+- apiGroups: [""]
+  resources: ["pods/exec"]
+  verbs: ["create"]
+```
+
+For more information, see [RBAC requirements for exec collectors](/vendor/support-bundle-customizing#exec-rbac).