Node_exporter into a incus container-app?

whoo · January 9, 2026, 2:24am

Hi folks,

I’m trying to collect host metric from an incus container app (or a container)
I’have a working docker-compose … but I’m not able to translate to a working incus
instance.

I tried

security.privileged: "true"
raw.lxc: lxc.namespace.clone = net ipc cgroup pid

It is not a good idea because the host is replaced by the container, fun but dangerous because you need to restart in safe mode to fix it.

Is it possible?
If yes, is there a configuration to consider?
Thanks for your advice.

my compose.yml

node_exporter:
     image:  quay.io/prometheus/node-exporter:latest
     command:
          - ‘–path.rootfs=/host’
     pid: host
     restart: unless-stopped
     stop_signal: SIGKILL
     network_mode: host
     volumes:
          - ‘/:/host:ro,rslave’

accuser · January 9, 2026, 5:17am

I’ve got a node_exporter system container hosted on an IncusOS instance. I’ve used Alpine with cloud-init to build the container. Here is the expanded configuration, but with the image.* and volatile.* keys pruned:

config:
  boot.autorestart: “true”
  cloud-init.user-data: |
    #cloud-config
    package_update: true
    packages:
      - prometheus-node-exporter
    write_files:
      # OpenRC configuration for node-exporter
      - path: /etc/conf.d/node-exporter
        permissions: '0644'
        content: |
          ARGS="--web.listen-address=:9100"
          ARGS="$ARGS --path.rootfs=/host"
          ARGS="$ARGS --path.procfs=/host/proc"
          ARGS="$ARGS --path.sysfs=/host/sys"
    runcmd:
      - rc-update add node-exporter default
      - rc-service node-exporter start
  limits.cpu: "1"
  limits.memory: 128MB
  limits.memory.enforce: hard
  security.privileged: "false"
devices:
  host-proc:
    path: /host/proc
    readonly: "true"
    source: /proc
    type: disk
  host-root:
    path: /host
    readonly: "true"
    source: /
    type: disk
  host-sys:
    path: /host/sys
    readonly: "true"
    source: /sys
    type: disk
  root:
    path: /
    pool: local
    size: 512MB
    type: disk

Note the disk devices, their mount points, and how node-exporter is configured with their paths.

stgraber · January 9, 2026, 7:39am

Just wondering why you’ve had to do that?

IncusOS runs node-exporter on the host system already and those metrics get merged with the Incus ones when you access /1.0/metrics.

accuser · January 9, 2026, 7:44am

This is an older container that I deployed, and I’ve only just seen the metrics API.

@whoo - ignore me! Use the metrics API as @stgraber suggests!

whoo · January 9, 2026, 11:49pm

On my side,

I use Incus on a desktop computer to run VM and container applications.
Server & applications run on containers, host run “desktop app”
I switched to Incus for simplified management and bridged network support.

IncusOS is not possible on my side.