# Тестовые поды для демонстрации kyverno apply --detailed-results.
# Под good-pod — проходит обе политики.
# Под bad-pod  — нарушает обе политики (нет limits, нет label 'owner').
---
apiVersion: v1
kind: Pod
metadata:
  name: good-pod
  namespace: default
  labels:
    app: demo
    owner: team-platform
spec:
  containers:
  - name: app
    image: nginx:1.25.3
    resources:
      requests:
        cpu: 50m
        memory: 64Mi
      limits:
        cpu: 200m
        memory: 256Mi
---
apiVersion: v1
kind: Pod
metadata:
  name: bad-pod
  namespace: default
  labels:
    app: demo
spec:
  containers:
  - name: app
    image: nginx:1.25.3
  - name: sidecar
    image: busybox:1.36
    command: ["sh", "-c", "sleep 3600"]
    resources:
      requests:
        cpu: 10m
        memory: 16Mi