Deploying TEEMon

TEEMon is our monitoring infrastructure for Kubernetes clusters. TEEMon provides fine-grained performance metrics during runtime, including SGX metrics like free EPC pages and pages evicted to main memory. It is integrated with several open-source tools: Prometheus, Grafana and Node Exporter. We also added a special exporter for SGX-related metrics.

Prerequisites

• A Kubernetes cluster
• Helm is deployed
• Kubernetes SGX plugin is installed
• We granted you access to sconeapps and TEEMon container images
• Metrics SGX driver extension is installed

TEEMon requires SGX driver metrics extension

TEEMon collects SGX-related metrics that are provided by our SGX Driver metrics extension. In Kubernetes clusters without this driver extension (like on AKS), TEEMon will not run correctly.

Deployment

The monitoring framework runs in native mode. Hence, we delegate the secret management of TEEMon to Kubernetes. Grafana requires an admin password. Hence, we need to set an admin username and password as a Kubernetes secret named teemon. We set MY_PASSWORD to a new random password first and then create a new secret:

export MY_PASSWORD=$(openssl rand -base64 32)
kubectl create secret generic teemon --from-literal=username=admin --from-literal=password="$MY_PASSWORD"

The sconeapps/teemon chart will deploy TEEMon. In most cases, just execute:

helm install teemon sconeapps/teemon

The configuration parameters learn about with the help of KubeApps.

You can now connect to the TEEMon dashboard as follows:

kubectl port-forward  svc/teemon-grafana 8099:80

The TEEMon dashboard can now be viewed at:

http://localhost:8099/

Dashboard

TEEMon provides out of the box three dashboards:

• an SGX dashboard to show resource metrics related to Intel SGX:

• an Docker dashboard to show the metrics related to containers:

• an infrastructure dashboard to display resource metrics of the different nodes of a Kubernetes cluster: