Deploying TEEMon
TEEMon is our monitoring infrastructure for Kubernetes clusters. TEEMon provides fine-grained performance metrics during runtime, including SGX metrics like free EPC pages and pages evicted to main memory. It is integrated with several open-source tools: Prometheus, Grafana and Node Exporter. We also added a special exporter for SGX-related metrics.
Prerequisites
- A Kubernetes cluster
- Helm is deployed
- Kubernetes SGX plugin is installed
- We granted you access to sconeapps and
TEEMon
container images - Metrics SGX driver extension is installed
TEEMon requires SGX driver metrics extension
TEEMon collects SGX-related metrics that are provided by our SGX Driver metrics extension. In Kubernetes clusters without this driver extension (like on AKS), TEEMon will not run correctly.
Deployment
The monitoring framework runs in native mode. Hence, we delegate the secret management of TEEMon to Kubernetes.
Grafana requires an admin password. Hence, we need to set an admin username and password as a Kubernetes secret named teemon
. We set MY_PASSWORD
to a new random password first and then create a new secret:
export MY_PASSWORD=$(openssl rand -base64 32)
kubectl create secret generic teemon --from-literal=username=admin --from-literal=password="$MY_PASSWORD"
The sconeapps/teemon
chart will deploy TEEMon. In most cases, just execute:
helm install teemon sconeapps/teemon
The configuration parameters learn about with the help of KubeApps.
You can now connect to the TEEMon dashboard as follows:
kubectl port-forward svc/teemon-grafana 8099:80
The TEEMon dashboard can now be viewed at:
Dashboard
TEEMon provides out of the box three dashboards:
- an SGX dashboard to show resource metrics related to Intel SGX:

- an Docker dashboard to show the metrics related to containers:

- an infrastructure dashboard to display resource metrics of the different nodes of a Kubernetes cluster:
