I'm trying to prevent access to my cluster that bypasses my Cloudflare WAF. If I use nginx.ingress.kubernetes.io/whitelist-source-range it doesn't work, as I think it's using the user's IP address, not the one outgoing from Cloudflare.

I've tried with the folowing configmap to add this, but it doesn't seem to have any effect:

apiVersion: v1
data:
  enable-real-ip: "true"
  proxy-real-ip-cidr: "IP_LIST_HERE..."
  use-forwarded-headers: "true"
  forwarded-for-header: "CF-Connecting-IP"
kind: ConfigMap
metadata:
  name: nginx-configuration
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx

How can I only allow access to the cluster through Cloudflare?