From c19e369c82b1d309686dddcffc1e6b78dac276d4 Mon Sep 17 00:00:00 2001
From: Marco Ebert <marco@giantswarm.io>
Date: Mon, 9 Oct 2023 16:03:58 +0200
Subject: [PATCH] Default Backend/PSP: Reorder fields.

See https://v1-24.docs.kubernetes.io/docs/concepts/security/pod-security-policy.
---
 .../templates/default-backend-psp.yaml        | 40 +++++++++----------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/charts/ingress-nginx/templates/default-backend-psp.yaml b/charts/ingress-nginx/templates/default-backend-psp.yaml
index b71d52137..a592f274d 100644
--- a/charts/ingress-nginx/templates/default-backend-psp.yaml
+++ b/charts/ingress-nginx/templates/default-backend-psp.yaml
@@ -11,28 +11,28 @@ metadata:
     {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
-  allowPrivilegeEscalation: false
-  fsGroup:
-    ranges:
-      - max: 65535
-        min: 1
-    rule: MustRunAs
-  requiredDropCapabilities:
-    - ALL
-  runAsUser:
-    rule: MustRunAsNonRoot
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    ranges:
-      - max: 65535
-        min: 1
-    rule: MustRunAs
   volumes:
     - configMap
-    - emptyDir
-    - projected
-    - secret
     - downwardAPI
+    - emptyDir
+    - secret
+    - projected
+  fsGroup:
+    rule: MustRunAs
+    ranges:
+      - min: 1
+        max: 65535
+  runAsUser:
+    rule: MustRunAsNonRoot
+  supplementalGroups:
+    rule: MustRunAs
+    ranges:
+      - min: 1
+        max: 65535
+  allowPrivilegeEscalation: false
+  requiredDropCapabilities:
+    - ALL
+  seLinux:
+    rule: RunAsAny
 {{- end }}
 {{- end }}