I have been trying skip TLS verify in K6 scripts but getting below error
msg=“Failed to send the time series data to the endpoint” error=“HTTP POST request failed: Post "https://.../api/v1/push”: tls: failed to verify certificate: x509: certificate signed by unknown authority" output=“Prometheus remote write”
TLS handshake is happening
http_req_tls_handshaking.......: avg=208.3ms min=208.3ms med=208.3ms max=208.3ms p(90)=208.3ms p(95)=208.3ms
tried passing “insecureSkipTLSVerify: true” in options
passed as flag (–insecure-skip-tls-verify)
k6 run -o experimental-prometheus-rw -e 'K6_PROMETHEUS_RW_SERVER_URL=https://****/api/v1/push' --insecure-skip-tls-verify k6/sample/prfm_hpp.js
Any help/pointers are appreciated. Thanks in advance
--insecure-skip-tls-verify affects only the HTTP requests made from your test, not any result output modules, such as the Prometheus remote write.
To disable TLS verification for the Prometheus output module, you need to set K6_PROMETHEUS_RW_INSECURE_SKIP_TLS_VERIFY to true:
k6 run -o experimental-prometheus-rw -e K6_PROMETHEUS_RW_INSECURE_SKIP_TLS_VERIFY=true -e 'K6_PROMETHEUS_RW_SERVER_URL=https://****/api/v1/push' k6/sample/prfm_hpp.js
This is insecure (as the option name features very prominently) and opens you up for man-in-the-middle attacks – you are no longer verifying the server's identity. Any TLS certificate is considered valid when this option is enabled.
The metric http_req_tls_handshaking does not contain the handshakes to Prometheus, but only the TLS handshakes performed in your test function(s).