10.96.0.1:443 timed out

trying to install ingress-ngix, got to the point where I needed to create the ingress-controller daemonset using
kubectl apply -f daemon-set/nginx-ingress.yaml

But pod creation failed. pod status=crashloopbackoff. ssh into the worker node, pod log shows
{“log”:“F1029 21:01:08.994886 1 main.go:272] error retrieving k8s version: Get “https://10.96.0.1:443/version?timeout=32s”: dial tcp 10.96.0.1:443: i/o timeout\n”,“stream”:“stderr”,“time”:“2020-10-29T21:01:08.99551667Z”}

Cluster is bare-metal Ubuntu with 2 masters and 2 worker nodes with a NGINX loadbalancer. I am able to deploy a simple nginx webapp and access the page using node:nodeport (example: 192.168.254.43:30333). But I’m not able to ping the cluster-ip (10.96.0.1) from any master or worker nodes or any pods

kubectl cluster-info
Kubernetes master is running at https://192.168.254.35:6443
KubeDNS is running at https://192.168.254.35:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

where .254.35 is the load balancer.

kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.254.38 Ready master 14d v1.19.2
192.168.254.46 Ready 14d v1.19.2
192.168.254.43 Ready 3h48m v1.19.2
192.168.254.42 Ready master 14d v1.19.2

here’s how I init with kubeadm

kubeadm init --control-plane-endpoint=“192.168.254.35:6443” --upload-certs --apiserver-advertise-address=192.168.254.38 --pod-network-cidr=192.168.0.0/16

network is Calico. I downloaded their sample calico yaml a few weeks ago by running:

curl https://docs.projectcalico.org/manifests/calico.yaml -O
kubectl apply -f calico.yaml

appreciate any help. thx