How to solve "Bad Certificate" error on kubernetes pod?
I am trying to set up a Kubernetes pod in order for it to connect to a device, specifically an F5 BIG-IP appliance.
The deployment appears to be OK; in fact, I had to modify a code snippet I found online.
When the pod is trying to start up, I get an error. So I started my investigation:
Running kubectl logs <pod_name> -n <namespace>
returns an error:
REST call error: Get <URL>: x509: cannot validate certificate for <IP> because it doesn't contain any IP SANs
By looking at a Wireshark dump on the interface, I see that there's a TLS 1.2 alert (fatal) with a description of "bad certificate" sent from the client to the server.
So I looked online, and I found some articles saying it's a problem with kubernetes trying to connect to the server but not recognizing it - at least I think that's what they meant.
One of the suggested workarounds was to apply a DNS name, so I modified the /etc/hosts file in order to use the DNS name within the deployment YAML file.
The result is that the error message changes to:
REST call error: Get <URL>: dial tcp: lookup <hostname>: device or resource busy
Any ideas on what the problem might be and how to solve it?
This is a test environment so I wouldn't mind -let me say- "unorthodox" methods, such as ignoring the certificate check, but I'd appreciate it if there were solutions or workarounds which I could eventually bring into production.
Thanks for any input you might have.
Solution 1:
I found the issue.
It appears that within the deployment YAML file it was possible to set a --insecure=true flag.
This forced the device to not check the certificate, and successfully connect to the F5 appliance.
Solution 2:
Modify the certificate and add an IP address as a SAN, in addition to your DNS name SANs.
- See screenshot attached.
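
The error text in the question is produced by Go's crypto/x509 hostname check. The following added example (not part of the question or either answer) reproduces it offline and shows that adding an IP SAN, as Solution 2 suggests, clears it without disabling verification. The name bigip.example.test and the address 192.0.2.10 are constructed placeholders, and CheckHost is a hypothetical helper.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// CheckHost (hypothetical helper) builds a throwaway self-signed server certificate
// with the given SANs and returns the hostname-matching error a Go TLS client would see.
func CheckHost(dnsNames []string, ips []net.IP, host string) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "bigip.example.test"}, // constructed name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsNames, // subjectAltName: DNS entries
		IPAddresses:  ips,      // subjectAltName: IP entries
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host) // SAN matching only; chain trust is not checked here
}

func main() {
	dns := []string{"bigip.example.test"}
	ip := "192.0.2.10" // constructed address from the documentation range
	fmt.Println("DNS SAN only, dial by IP:  ", CheckHost(dns, nil, ip))
	fmt.Println("DNS + IP SAN, dial by IP:  ", CheckHost(dns, []net.IP{net.ParseIP(ip)}, ip))
	fmt.Println("DNS SAN only, dial by name:", CheckHost(dns, nil, dns[0]))
}
```

The third case shows the other production-safe option: keep the certificate as it is and have the client connect by a name that appears in its DNS SANs.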