Cloudflare Zero Trust - Kuberntes Nginx Whitelisting

We are currently testing Cloudflare Zero trust and using Warp to connect to AWS private subnets. It is all working fine. Our next goal is to only allow VPN users to connect to some ingress endpoints exposed via Nginx ingress controller in kubernetes. To do this, I am using annotation which helps in allowing only allowed CIDR ranges. Here I have use the whole VPC range as I thought the cloudflared endpoint present in the same VPC will send traffic to Nginx. However, I found that the client IP is 104.x.x.x. that cloudflare is assigning to our machines.

I am looking for the list of IPs or CIDR range that Cloudflare zero trust will be using for our account. is there any way?
If this is not the right way, how can we achieve this i.e. blocking non-zero trust traffic to Kubernetes ingress endpoints.