Hi,
I have one Icinga master and one agent, both deployed in Docker containers.
When the master executes a check_disk command on the agent, it checks the disk of the Docker container, but I want to check the disk of the VM hosting the Docker container.
First, this works as intended. Even while Docker itself is not a security-related sandbox, this encapsulation is a desired feature.
Saying so much, you could run the Icinga Docker container as a privileged one, accessing host resources. Another, less invasive method would be to pass all mount points you want to monitor from the host to the container down as volumes.
    host $ docker run -t -it --rm -v /boot:/boot debian:bookworm bash
    root@e2cdddd684d5:/# df -h /boot
    Filesystem      Size  Used Avail Use% Mounted on
    /dev/nvme0n1p1  510M  170M  341M  34% /boot
Please note that by doing so, you grant the container kinda privileged access to your host. This can have security implications, especially if you are using a root user within the container.
Another potentially less intrusive method would be to connect from the container to your host with a restricted user, e.g., via SSH. Afterwards, the Icinga 2 Agent within the container can execute commands on the host via by_ssh.
Honestly, all those suggestions are ugly hacks. I would advise you to just install an Icinga 2 Agent on your host, if you desire to monitor the host. Otherwise, the Docker environment will just get in your way, potentially hiding relevant information from you which you want to monitor.
Totally agree, and I would go further: if it is the Docker host that you want to monitor, do that from outside the Docker host, so you can have visibility on the Docker host sanity even in case the Docker host is failing.
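The following is an added example, not code from any poster in this thread: a small audit of `docker inspect` output that flags the exposure the answer warns about when host mount points are passed in as volumes (privileged mode, read-write host bind mounts, root inside the container). The container names and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/icinga-agent-rw",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/boot", "Destination": "/boot", "RW": true}]},
  {"Name": "/icinga-agent-ro",
   "Config": {"User": "icinga"},
   "HostConfig": {"Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/boot", "Destination": "/boot", "RW": false},
              {"Type": "volume", "Source": "/var/lib/docker/volumes/data/_data",
               "Destination": "/data", "RW": true}]}
]
""")

def runs_as_root(user):
    """Empty Config.User means no USER was configured, so the process runs as root."""
    uid = user.split(":", 1)[0]  # Config.User may be "user" or "uid:gid"
    return uid in ("", "0", "root")

def audit_container(info):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    name = info.get("Name", "?").lstrip("/")
    root = runs_as_root(info.get("Config", {}).get("User", ""))
    if info.get("HostConfig", {}).get("Privileged"):
        findings.append(f"{name}: runs privileged")
    for m in info.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # Docker-managed volumes are not operator-chosen host paths
        if m.get("RW"):
            who = "root" if root else "non-root user"
            findings.append(f"{name}: host path {m['Source']} mounted read-write ({who})")
        elif root:
            findings.append(f"{name}: host path {m['Source']} readable by root in container")
    return findings

def audit(inspect_output):
    """Audit every container in a parsed `docker inspect` array."""
    return [f for c in inspect_output for f in audit_container(c)]

if __name__ == "__main__":
    for line in audit(SAMPLE_INSPECT):
        print(line)
```

A bind mount declared as `-v /boot:/boot:ro` together with a non-root `--user` is the combination that produces no finding here; `check_disk` only needs to read filesystem usage, not write to the mount.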