HTTP API

When you run Saurron, the app starts an HTTP server listening on port 8080 (configurable with the --http-api-port option).

All endpoints except GET /v1/health require Bearer token auth (Authorization: Bearer <token>). The GET /v1/metrics endpoint can be made unauthenticated via --http-api-metrics-no-auth - useful when Prometheus scrapes from trusted network without bearer token support.

The HTTP API is not available when using the --run-once option.

GET /v1/health

Returns 200 OK when service running. Suitable as Docker healthcheck. Unauthenticated; no Bearer token required.

Example

$ curl http://localhost:8080/v1/health
{"status":"ok"}

GET /v1/metrics

Returns Prometheus metrics in standard text exposition format. Tracked metrics:

Metric Type Description
saurron_scans_total Counter Total update cycles run
saurron_scans_skipped Counter Cycles skipped due to concurrent update
saurron_containers_scanned Gauge Containers checked in last cycle
saurron_containers_updated Gauge Containers updated in last cycle
saurron_containers_failed Gauge Containers that failed to update in last cycle

Response (JSON)

{
  "saurron_scans_total": 3,
  "saurron_scans_skipped": 0,
  "saurron_containers_scanned": 35,
  "saurron_containers_updated": 7,
  "saurron_containers_failed": 1
}

Example

$ curl http://localhost:8080/v1/metrics \
    -H 'Authorization: Bearer ABC123'

POST /v1/update

Triggers an immediate update check. By default, Saurron will only check containers in the running state. The following options enable additional states:

Container state Option
created --revive-stopped / SAURRON_REVIVE_STOPPED
exited --revive-stopped / SAURRON_REVIVE_STOPPED
restarting --include-restarting / SAURRON_INCLUDE_RESTARTING

If Saurron is already in the middle of an update cycle, this will return 409 Conflict with an empty response body.

Parameters

Scope filters can be supplied as query parameters, as a JSON request body, or as a form-encoded request body. Supplying the same field in both query params and the body returns 400 Bad Request.

Field Description
container Restrict to one or more container names. Comma-separated string or (JSON only) array.
image Restrict to containers whose image starts with the given prefix. Comma-separated string or (JSON only) array.

Status codes

Code Meaning
200 OK Cycle completed; body is a JSON SessionReport.
400 Bad Request A filter field was supplied in both query params and body, or the body could not be parsed. Body contains {"error": "..."}.
409 Conflict Another update cycle is already running.
415 Unsupported Media Type A non-empty body was sent with a Content-Type other than application/json or application/x-www-form-urlencoded.

Examples

No filter — update all containers:

$ curl -XPOST http://localhost:8080/v1/update \
    -H 'Authorization: Bearer ABC123'

Query parameter:

$ curl -XPOST 'http://localhost:8080/v1/update?container=nginx,redis' \
    -H 'Authorization: Bearer ABC123'

JSON body — comma-separated string:

$ curl -XPOST http://localhost:8080/v1/update \
    -H 'Authorization: Bearer ABC123' \
    -H 'Content-Type: application/json' \
    -d '{"container": "nginx,redis"}'

JSON body — array:

$ curl -XPOST http://localhost:8080/v1/update \
    -H 'Authorization: Bearer ABC123' \
    -H 'Content-Type: application/json' \
    -d '{"container": ["nginx", "redis"], "image": "myorg/myapp"}'

Form-encoded body:

$ curl -XPOST http://localhost:8080/v1/update \
    -H 'Authorization: Bearer ABC123' \
    --data-urlencode 'container=nginx,redis'

This site uses Just the Docs, a documentation theme for Jekyll.