diff --git a/apps/infra/net/nginx/helmchart.yaml b/apps/infra/net/nginx/helmchart.yaml
index da3cbbe..57429e2 100644
--- a/apps/infra/net/nginx/helmchart.yaml
+++ b/apps/infra/net/nginx/helmchart.yaml
@@ -42,6 +42,8 @@ spec:
       enableAnnotationValidations: false
       config:
         use-forwarded-headers: "true"
+        enable-real-ip: "true"
+        proxy-real-ip-cidr: "10.0.0.0/8,100.64.0.0/10"
         allow-snippet-annotations: "true"
         annotations-risk-level: Critical
         # 启用http2
diff --git a/apps/kube/coredns/nodelocaldns.yaml b/apps/kube/coredns/nodelocaldns.yaml
index a7e9a76..0467b82 100644
--- a/apps/kube/coredns/nodelocaldns.yaml
+++ b/apps/kube/coredns/nodelocaldns.yaml
@@ -120,16 +120,6 @@ spec:
         prometheus.io/port: "9253"
         prometheus.io/scrape: "true"
     spec:
-      # 控制面板不启用
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: NotIn
-                    values:
-                      - "true"
       priorityClassName: system-node-critical
       serviceAccountName: node-local-dns
       hostNetwork: true