KubeSphere v4 扩展组件在calico下刷不出列表

zhminger

创建部署问题时，请参考下面模板，你提供的信息越多，越容易及时获得解答。如果未按模板创建问题，管理员有权关闭问题。
确保帖子格式清晰易读，用 markdown code block 语法格式化代码块。
你只花一分钟创建的问题，不能指望别人花上半个小时给你解答。

操作系统信息
例如：虚拟机，龙蜥8.9，8C16G x 2

Kubernetes版本信息

Client Version: v1.28.15
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.15

容器运行时

Version:  0.1.0
RuntimeName:  containerd
RuntimeVersion:  v1.7.13
RuntimeApiVersion:  v1

KubeSphere版本信息
v4.1.2，使用kk安装k8s，使用helm安装ks-core

apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
  name: open.sit
spec:
  hosts:
  - {name: node1, address: 10.16.1.1, internalAddress: 10.16.1.1, user: root, privateKeyPath: "~/.ssh/id_rsa"}
  - {name: node2, address: 10.16.1.2, internalAddress: 10.16.1.2, user: root, privateKeyPath: "~/.ssh/id_rsa"}
  roleGroups:
    etcd:
    - node1
    control-plane:
    - node1
    worker:
    - node1
    - node2
  controlPlaneEndpoint:
    internalLoadbalancer: kube-vip
    domain: lb.kubesphere.local
    address: "10.16.1.11"
    port: 6443
  kubernetes:
    version: v1.28.15
    clusterName: open.sit
    autoRenewCerts: true
    containerManager: containerd
  etcd:
    type: kubekey
  system:
    ntpServers:
      - '10.16.1.253'
    timezone: "Asia/Shanghai"
  network:
    plugin: calico
    kubePodsCIDR: 172.16.16.0/20
    kubeServiceCIDR: 172.16.0.0/20
    ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
    multusCNI:
      enabled: true
  registry:
    privateRegistry: ""
    namespaceOverride: ""
    registryMirrors: []
    insecureRegistries: []
  addons:
    - name: nfs-client
      namespace: kube-system
      sources:
        chart:
          name: nfs-client-provisioner
          repo: http://mirror.azure.cn/kubernetes/charts/
          valuesFile: /root/nfs-client.yaml

问题是什么
用calico安装，扩展组件列表刷不出来

kubectl describe repository.kubesphere.io extensions-museum
  
URL:        https://extensions-museum.kubesphere-system.svc
Events:
  Type     Reason      Age                     From        Message
  ----     ------      ----                    ----        -------
  Warning  SyncFailed  2m35s (x28 over 3h53m)  repository  failed to sync extensions from https://extensions-museum.kubesphere-system.svc: Get "https://extensions-museum.kubesphere-system.svc/index.yaml": dial tcp 172.16.8.90:443: connect: connection timed out

做过的排查如下

进入到extensions-museum容器里，nslookup域名解析正常；wget访问ip地址正常；wget访问域名地址显示bad address
新建一个Deployment，使用alpine镜像，nslookup域名解析正常；curl访问ip地址正常；curl访问域名正常，但需要好几秒。
容器的ndots设置小一点，上面1和2的域名访问都会正常，但设置小了又影响了内部域名解析..
换用network.plugin改用cilium安装，一切都是默认，正常，列表也有，但因cilium无法使用KubeSphere 网络插件，还是希望可以使用calico

zhminger

up一下

klj890

kubectl get po -A 是啥情况？

zhminger

klj890 全running