Admin Container
The admin container provides tools for key rotation, migration status checks, and other administrative tasks in production environments.
Note: Migrations are auto-applied on server startup. The admin container’s migrate command is primarily for checking status or running migrations separately in special cases.
Building
```bash
docker build --target admin -f docker/Dockerfile.unified -t everruns-admin .
```
Commands
| Command | Description |
|---|---|
| migrate | Run pending database migrations |
| migrate-info | Show migration status |
| reencrypt | Re-encrypt secrets with new key |
| shell | Interactive shell for debugging |
| help | Show usage information |
Check Migration Status
Use this before deployments to verify migration state:
```bash
docker run --rm \
  -e DATABASE_URL="postgres://user:pass@host:5432/db" \
  everruns-admin migrate-info
```
Run Migrations Manually
Migrations auto-apply on server startup. Use this only for:
- Running migrations without starting the server
- Debugging migration issues (with --no-migrations on server)
```bash
docker run --rm \
  -e DATABASE_URL="postgres://user:pass@host:5432/db" \
  everruns-admin migrate
```
Re-encrypt Secrets (Dry Run)
```bash
docker run --rm \
  -e DATABASE_URL="postgres://user:pass@host:5432/db" \
  -e SECRETS_ENCRYPTION_KEY="kek-v2:..." \
  -e SECRETS_ENCRYPTION_KEY_PREVIOUS="kek-v1:..." \
  everruns-admin reencrypt --dry-run
```
Re-encrypt Secrets (Execute)
```bash
docker run --rm \
  -e DATABASE_URL="postgres://user:pass@host:5432/db" \
  -e SECRETS_ENCRYPTION_KEY="kek-v2:..." \
  -e SECRETS_ENCRYPTION_KEY_PREVIOUS="kek-v1:..." \
  everruns-admin reencrypt --batch-size 50
```
Environment Variables
| Variable | Required | Description |
|---|---|---|
| DATABASE_URL | Yes | PostgreSQL connection string |
| SECRETS_ENCRYPTION_KEY | For reencrypt | Primary encryption key |
| SECRETS_ENCRYPTION_KEY_PREVIOUS | For rotation | Previous encryption key |
| RUST_LOG | No | Log level (default: info) |
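The dry-run and execute steps above can be wrapped in a guard, shown here as an added example that is not Everruns project code: it checks the sslmode of DATABASE_URL, requires two distinct keys, and hands the secrets to docker by variable name rather than by value. The function names, the reading of the text before the first colon as a key id, and a non-zero exit from a failed dry run are assumptions.

```bash
# Added example, not Everruns project code. Uses the everruns-admin image and
# the reencrypt flags shown on this page; function names are hypothetical.

# Print the sslmode query parameter of a PostgreSQL URL (nothing if absent).
sslmode_of() {
  case "$1" in *\?*) q=${1#*\?} ;; *) return 0 ;; esac
  while [ -n "$q" ]; do
    kv=${q%%\&*}
    case "$kv" in sslmode=*) printf '%s\n' "${kv#sslmode=}"; return 0 ;; esac
    case "$q" in *\&*) q=${q#*\&} ;; *) q= ;; esac
  done
}

# Accept only modes that force TLS. require encrypts without verifying the
# server certificate; verify-ca and verify-full also authenticate the server.
tls_ok() {
  case "$(sslmode_of "$1")" in
    require|verify-ca|verify-full) return 0 ;;
    *) return 1 ;;
  esac
}

# Assumption: the key id is the text before the first colon ("kek-v2:...").
key_id() { printf '%s\n' "${1%%:*}"; }

# Refuse to rotate unless TLS is forced and two distinct keys are present.
preflight() {
  tls_ok "${DATABASE_URL:-}" ||
    { echo "DATABASE_URL must set sslmode=require or stricter" >&2; return 1; }
  [ -n "${SECRETS_ENCRYPTION_KEY:-}" ] && [ -n "${SECRETS_ENCRYPTION_KEY_PREVIOUS:-}" ] ||
    { echo "both encryption keys must be set" >&2; return 1; }
  [ "$(key_id "$SECRETS_ENCRYPTION_KEY")" != "$(key_id "$SECRETS_ENCRYPTION_KEY_PREVIOUS")" ] ||
    { echo "primary and previous key ids are identical" >&2; return 1; }
}

# "-e NAME" with no value copies NAME from the exported environment, so key
# material is not part of the docker command line or its process listing.
admin() {
  docker run --rm -e DATABASE_URL -e SECRETS_ENCRYPTION_KEY \
    -e SECRETS_ENCRYPTION_KEY_PREVIOUS everruns-admin "$@"
}

# Dry run first; the real pass starts only if the dry run exits 0 (assumed).
rotate() {
  preflight && admin reencrypt --dry-run && admin reencrypt --batch-size "${1:-50}"
}
```

Export the three variables in the calling shell, then call `rotate` (or `rotate 100` for a different batch size).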
TLS/SSL Connections
The admin container supports TLS connections to PostgreSQL. Use the sslmode parameter in your connection string:
```bash
DATABASE_URL="postgres://user:pass@host:5432/db?sslmode=require"
```
Migration Troubleshooting
Migration Fails on Startup
If the server won’t start due to a migration error:
- Check server logs for the specific SQL error
- Fix the migration file
- Rebuild and redeploy
Bad Migration Deployed
If a migration succeeded but caused issues, use forward-fix:
```bash
# Create a new migration that fixes the problem
sqlx migrate add -r fix_bad_migration
# Edit the migration, then redeploy
```
Emergency: Manual Database Fix
For emergencies where you need to manually fix the database:
```bash
# Start server without auto-migrations
everruns-server --no-migrations

# Connect and fix manually
psql -h host -U everruns -d everruns
> -- Fix schema issues
> DELETE FROM _sqlx_migrations WHERE version = 006; -- If needed

# Restart server normally
everruns-server
```
Production Deployment
The admin container can be run as a one-off task in any container orchestration platform:
- Kubernetes: Use a Job or run via kubectl run
- ECS: Use aws ecs run-task with command override
- Docker Compose: Use docker compose run
- Nomad: Use a batch job