Can you use a Sensu agent container to monitor the container host?

A question came up as a comment on the “new in Sensu Go” webinar YouTube video.

I’ve seen this question asked in one form or another a few times now. I’m going to slightly re-interpret the question and re-ask it succinctly as:

“Can you use a Sensu agent container to monitor the container host?”

tl;dr
Yes – but you’ll need to make use of some advanced features in your container orchestration, so the details depend on your configuration.

The longer version
Container orchestration, whether it be Docker or Kubernetes, is generally designed to isolate containers from having privileged access to some aspects of the host system by default. This is done using several Linux kernel technologies (namespaces and capabilities).

You can undo this isolation to some extent using advanced container runtime settings or by bind mounting filesystems from the host into the Sensu agent container. For example, in Docker on Linux you can bind mount additional host filesystems and explicitly set Linux kernel capabilities at container runtime. In effect, you can grant the Sensu agent container access to the host system. Exactly what you need to expose from the host will depend on your anticipated workloads.

Generally, I find it’s less complicated to use a native Sensu agent service running on the Docker or Kubernetes host if I need to monitor aspects of the host itself.
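
Because bind mounts and added capabilities widen what the agent container can reach on the host, it helps to check what a running container was actually granted. The following is an added example, not part of the original post or of Sensu itself: it audits the `HostConfig` section of `docker inspect` output, and the container names, sample data and the `BROAD_CAPS` policy are constructed assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical
# Sensu agent containers (names, paths and capabilities are illustrative).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/sensu-agent-scoped",
   "HostConfig": {"Privileged": false, "CapAdd": ["SYS_PTRACE"],
                  "Binds": ["/proc:/host/proc:ro", "/sys:/host/sys:ro"]}},
  {"Name": "/sensu-agent-broad",
   "HostConfig": {"Privileged": true, "CapAdd": null,
                  "Binds": ["/:/host",
                            "/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

# Assumed policy: capabilities treated as broader than host monitoring needs.
BROAD_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE"}


def audit(container):
    """Return findings for host access broader than read-only monitoring."""
    hc = container.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode: all capabilities and host devices")
    for cap in hc.get("CapAdd") or []:      # CapAdd is null when unset
        name = cap.upper()
        if name.startswith("CAP_"):         # accept both spellings
            name = name[4:]
        if name in BROAD_CAPS:
            findings.append(f"broad capability: {name}")
    for bind in hc.get("Binds") or []:      # "src:dst[:opts]"
        parts = bind.split(":")
        src, dst = parts[0], parts[1]
        opts = parts[2].split(",") if len(parts) > 2 else []
        if not src.startswith("/"):
            continue                        # named volume, not a host path
        if "ro" not in opts:
            findings.append(f"writable bind mount: {src} -> {dst}")
        if src == "/":
            findings.append("host root filesystem mounted")
        if src.endswith("docker.sock"):
            findings.append("container runtime socket mounted")
    return findings


if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"], audit(c) or "no broad host access found")
```

On a live host the same function can be fed `json.loads` of the output of `docker inspect <container>`.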