I’ve set up whitelist annotation on my ingress, on Kubernetes cluster, but in logs there are wrong IP-s, so it doesn’t work.

Here is ingress configuration:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: test
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/whitelist-source-range: '10.0.0.0/8,X.X.X.X'
spec:
  rules:
    - host: web.manitestdomain.com
      http:
        paths:
          - backend:
              serviceName: service
              servicePort: 80

And testing configuration:

$ curl ipinfo.io/ip
X.X.X.X

Then:

$ curl -I web.manitestdomain.com
HTTP/1.1 403 Forbidden
Server: openresty/1.15.8.2
Date: Mon, 02 Mar 2020 12:45:24 GMT
Content-Type: text/html
Content-Length: 159
Connection: keep-alive
Strict-Transport-Security: max-age=15724800; includeSubDomains

And logs from ingress-controller:

167.71.33.9 - - [02/Mar/2020:12:45:24 +0000] "HEAD / HTTP/1.1" 403 0 "-" "curl/7.65.3" 84 0.000 [service-80] [] - - - - 

So my IP was X.X.X.X and ingress controller received 167.71.33.9.
Why is it happening and how can I fix it?