Cannot access the Kubernetes pod API from a newly joined node

I joined a new Kubernetes node using the following command:

kubeadm join 172.29.217.209:6443 --token jew814.e5iof6qwvzg46d9q --discovery-token-ca-cert-hash sha256:21919c93d652

This is the current node status:

> kubectl get nodes -o wide
NAME           STATUS   ROLES           AGE      VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION                CONTAINER-RUNTIME
k8smasterone   Ready    control-plane   2y100d   v1.28.1   172.29.217.209   <none>        CentOS Linux 7 (Core)            3.10.0-1160.95.1.el7.x86_64   containerd://1.6.12
k8sslave01     Ready    <none>          22h      v1.28.3   172.29.161.175   <none>        Debian GNU/Linux 12 (bookworm)   6.1.0-13-amd64                containerd://1.6.20

I tried to keep the Kubernetes version the same on both nodes. The kube-proxy log on k8sslave01 is as follows:

I1112 09:12:24.749986       1 node.go:141] Successfully retrieved node IP: 172.29.161.175
I1112 09:12:24.750830       1 conntrack.go:52] "Setting nf_conntrack_max" nfConntrackMax=131072
I1112 09:12:24.770716       1 server.go:632] "kube-proxy running in dual-stack mode" primary ipFamily="IPv4"
I1112 09:12:24.777426       1 server_others.go:218] "Using ipvs Proxier"
I1112 09:12:24.777460       1 server_others.go:421] "Detect-local-mode set to ClusterCIDR, but no cluster CIDR for family" ipFamily="IPv6"
I1112 09:12:24.777466       1 server_others.go:438] "Defaulting to no-op detect-local"
I1112 09:12:24.777710       1 proxier.go:408] "IPVS scheduler not specified, use rr by default"
I1112 09:12:24.777899       1 proxier.go:408] "IPVS scheduler not specified, use rr by default"
I1112 09:12:24.777946       1 ipset.go:116] "Ipset name truncated" ipSetName="KUBE-6-LOAD-BALANCER-SOURCE-CIDR" truncatedName="KUBE-6-LOAD-BALANCER-SOURCE-CID"
I1112 09:12:24.777972       1 ipset.go:116] "Ipset name truncated" ipSetName="KUBE-6-NODE-PORT-LOCAL-SCTP-HASH" truncatedName="KUBE-6-NODE-PORT-LOCAL-SCTP-HAS"
I1112 09:12:24.778047       1 server.go:846] "Version info" version="v1.28.2"
I1112 09:12:24.778084       1 server.go:848] "Golang settings" GOGC="" GOMAXPROCS="" GOTRACEBACK=""
I1112 09:12:24.778478       1 config.go:97] "Starting endpoint slice config controller"
I1112 09:12:24.778572       1 shared_informer.go:311] Waiting for caches to sync for endpoint slice config
I1112 09:12:24.778639       1 config.go:188] "Starting service config controller"
I1112 09:12:24.778696       1 shared_informer.go:311] Waiting for caches to sync for service config
I1112 09:12:24.778789       1 config.go:315] "Starting node config controller"
I1112 09:12:24.778801       1 shared_informer.go:311] Waiting for caches to sync for node config
I1112 09:12:24.879459       1 shared_informer.go:318] Caches are synced for service config
I1112 09:12:24.879517       1 shared_informer.go:318] Caches are synced for endpoint slice config
I1112 09:12:24.879688       1 shared_informer.go:318] Caches are synced for node config

But when I try to access the Kubernetes pod from k8sslave01:

root@k8sslave01:/var/lib# curl -k https://10.96.0.1:443
curl: (28) Failed to connect to 10.96.0.1 port 443 after 130551 ms: Couldn't connect to server

The pods on k8sslave01 also fail. What could cause this problem? Is it possible to access the pods on the master server just by starting kube-proxy?
