Allow access role to access pods (#20454)

This PR adds full access to `pod` resources on every namespace for default role `access`. Fixes #20401
gravitational · Jan 20, 2023 · 9506c02 · 9506c02
1 parent 18dc57b
commit 9506c02
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lib/services/presets.go b/lib/services/presets.go
@@ -113,6 +113,13 @@ func NewPresetAccessRole() types.Role {
 				DatabaseLabels:       types.Labels{types.Wildcard: []string{types.Wildcard}},
 				DatabaseNames:        []string{teleport.TraitInternalDBNamesVariable},
 				DatabaseUsers:        []string{teleport.TraitInternalDBUsersVariable},
+				KubernetesResources: []types.KubernetesResource{
+					{
+						Kind:      types.KindKubePod,
+						Namespace: types.Wildcard,
+						Name:      types.Wildcard,
+					},
+				},
 				Rules: []types.Rule{
 					types.NewRule(types.KindEvent, RO()),
 					{