I know, this was just an example to clarify the issue why checking the cluster won’t work.
Yes, that is one way how we execute some checks that only work on the cluster object.
They are no problem because no icinga-agent is involved.
What I try to approach for example are checks that would succeed on the cluster, succeed on the active master node and would fail on the inactive slave node, e.g. a check_disk for a cluster-resource like /data/drbd which is always mounted on the master node but never on the inactive one.
What were your approach for such cases? Besides for example rivad’s approach with a dummy-check combined with icinga-dsl:
From my point of view an icinga-agent certificate with a node’s endpoint-name as CN and the clusters endpoint-name as Subject Alternative Name were one without much icinga-dsl wizardry.