TEEMon is our monitoring infrastructure for Kubernetes clusters. TEEMon provides fine-grained performance metrics during runtime, including SGX metrics like free EPC pages and pages evicted to main memory. It is integrated with several open-source tools: Prometheus, Grafana and Node Exporter. We also added a special exporter for SGX-related metrics.
TEEMon requires SGX driver metrics extension
TEEMon collects SGX-related metrics that are provided by our SGX Driver metrics extension. In Kubernetes clusters without this driver extension (like on AKS), TEEMon will not run correctly.
The monitoring framework runs in native mode. Hence, we delegate the secret management of TEEMon to Kubernetes.
Grafana requires an admin password. Hence, we need to set an admin username and password as a Kubernetes secret named
teemon. We set
MY_PASSWORD to a new random password first and then create a new secret:
export MY_PASSWORD=$(openssl rand -base64 32) kubectl create secret generic teemon --from-literal=username=admin --from-literal=password="$MY_PASSWORD"
sconeapps/teemon chart will deploy TEEMon. In most cases, just execute:
helm install teemon sconeapps/teemon
The configuration parameters learn about with the help of KubeApps.
You can now connect to the TEEMon dashboard as follows:
kubectl port-forward svc/teemon-grafana 8099:80
The TEEMon dashboard can now be viewed at:
TEEMon provides out of the box three dashboards:
- an SGX dashboard to show resource metrics related to Intel SGX:
- an Docker dashboard to show the metrics related to containers:
- an infrastructure dashboard to display resource metrics of the different nodes of a Kubernetes cluster: