Linux generally constrains non-internet-protocol packets to trusted users and trusted executables. The ping executable is one of them. For Ignition to be trusted with ICMP packets, you need to add to its privileges. The simplest solution is with a SystemD service override for AmbientCapabilities=CAP_NET_RAW. I recommend this:
{Note that CAP_NET_BIND_SERVICE is what allows a non-root process to use ports 80 and 443, if you are so inclined.}
If you are using Docker, the IA image doesn't use SystemD. See this topic: