From f1e897a86bb52de8234c2735fca1d7f31c94da38 Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Thu, 19 Jan 2023 22:30:51 +0000
Subject: [PATCH] Allow `access` role to access pods (#20402)

This PR adds full access to `pod` resources on every namespace for
default role `access`.

Fixes #20401
---
 lib/services/presets.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/services/presets.go b/lib/services/presets.go
index df8e3687bcb..85edbdadf60 100644
--- a/lib/services/presets.go
+++ b/lib/services/presets.go
@@ -113,6 +113,13 @@ func NewPresetAccessRole() types.Role {
 				DatabaseLabels:       types.Labels{types.Wildcard: []string{types.Wildcard}},
 				DatabaseNames:        []string{teleport.TraitInternalDBNamesVariable},
 				DatabaseUsers:        []string{teleport.TraitInternalDBUsersVariable},
+				KubernetesResources: []types.KubernetesResource{
+					{
+						Kind:      types.KindKubePod,
+						Namespace: types.Wildcard,
+						Name:      types.Wildcard,
+					},
+				},
 				Rules: []types.Rule{
 					types.NewRule(types.KindEvent, RO()),
 					{