diff --git a/platform/ingress-nginx/kustomization.yaml b/platform/ingress-nginx/kustomization.yaml
index ee879ed..c7364ee 100644
--- a/platform/ingress-nginx/kustomization.yaml
+++ b/platform/ingress-nginx/kustomization.yaml
@@ -1,22 +1,18 @@
----
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/do/deploy.yaml
-patchesStrategicMerge:
-  - |-
+- https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.10.1/deploy/static/provider/do/deploy.yaml
+patches:
+- patch: |-
     apiVersion: v1
     kind: Service
     metadata:
       annotations:
-        # set by upstream
-        # service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
-        # documented in https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md#servicebetakubernetesiodo-loadbalancer-name
         service.beta.kubernetes.io/do-loadbalancer-name: "do-k8s-ingress-lb"
         service.beta.kubernetes.io/do-loadbalancer-tls-passthrough: "true"
       name: ingress-nginx-controller
       namespace: ingress-nginx
-  - |-
+- patch: |-
     apiVersion: apps/v1
     kind: Deployment
     metadata:
@@ -24,3 +20,14 @@ patchesStrategicMerge:
       namespace: ingress-nginx
     spec:
       replicas: 3
+- target:
+    kind: ConfigMap
+    name: ingress-nginx-controller
+    namespace: ingress-nginx
+  patch: |
+    - op: add
+      path: /data/enable-real-ip
+      value: "true"
+    - op: add
+      path: /data/proxy-real-ip-cidr
+      value: "23.235.32.0/20,43.249.72.0/22,103.244.50.0/24,103.245.222.0/23,103.245.224.0/24,104.156.80.0/20,140.248.64.0/18,140.248.128.0/17,146.75.0.0/17,151.101.0.0/16,157.52.64.0/18,167.82.0.0/17,167.82.128.0/20,167.82.160.0/20,167.82.224.0/20,172.111.64.0/18,185.31.16.0/22,199.27.72.0/21,199.232.0.0/16,2a04:4e40::/32,2a04:4e42::/32"