Make sure you enable server backups before using ftrack in production. Read more about server backups. It is also important to set up monitoring of your servers. Doing so will prevent unnecessary downtime in the future, e.g., when running out of disk space.
Installation
Make sure to complete all the steps in the requirements guide together with all verification steps before proceeding with the installation of ftrack.
Before installing ftrack into the Kubernetes cluster using Helm, you must provide a basic configuration file. Here’s how to do it.
Create a file named ftrack.yaml with the following content, then update it with your details:
secret: A_LONG_RANDOM_STRING
url: http://YOUR_SERVER_URL
id: SERVER_IDENTIFIER
database:
host: IP_ADDRESS_OF_MARIADB
imageRegistry:
password: PASSWORD_PROVIDED_BY_FTRACK
localPersistentVolume:
path: /ftrack/data
- A_LONG_RANDOM_STRING: This is a secret used server-side. You should not share it with anyone. It should be random and reasonably long (20+ chars).
- SERVER_IDENTIFIER: A lowercase string (e.g. company-name-prod) tied to your license key(s). Either provided by ftrack or specified by the customer.
- YOUR_SERVER_URL: The DNS pointing to your ftrack server. It can also be an IP address while testing. YOUR_SERVER_URL must be reachable both externally and internally within the cluster. Make sure to add the correct protocol if you are using http or https.
- IP_ADDRESS_OF_MARIADB: Must be an IP address and cannot be set to localhost or 127.0.0.1, as those are not valid from Kubernetes.
- PASSWORD_PROVIDED_BY_FTRACK: This is the docker registry password unique to you, which is provided by ftrack.
To obtain the local IP address of the database server, run the following commands:
hostname -i
To generate a secret, use:
python -c 'import uuid;print uuid.uuid4()'
If you are using network storage via NFS, replace the "localPersistentVolume" part with:
nfsPersistentVolume:
enabled: true
path: /STORAGE/PATH
server: NFS-SERVER-IP
The configuration file will now be in place.
Download the installation package from the releases section:
curl -o ftrack.tar.gz "URL_TO_PACKAGE"
In the above example command, you can replace URL_TO_PACKAGE with the link to the hosted release.
Next, install ftrack into your Kubernetes cluster default namespace using the following Helm command:
helm install --timeout 15m --values ftrack.yaml ftrack ftrack.tar.gz
Note that install can take some time to finish, do not stop it.
When the installation begins, it will create a job that upgrades the database. Once that job is complete, it will create the ftrack services and pods. This process may take some time to complete the first time, as images are pulled down from the ftrack docker registry. Some of the pods depend on one another, and as such, will show status errors until everything is up and running. You can inspect the progress of the upgrade job using the following commands (while Helm install command is running):
# List all pods.
kubectl get pods
# Stream the logs from the upgrade pod.
kubectl logs -f NAME-OF-UPGRADE-POD
If the pod does not start, you can inspect it using the following command:
kubectl describe pods NAME-OF-UPGRADE-POD
If the installation fails, uninstall ftrack using the following command:
helm uninstall ftrack
Following this, you can re-attempt the installation. No important states are stored in Kubernetes. Therefore, ftrack can be uninstalled and installed again.
If you see errors related to resources that already exist when installing after uninstalling, wait a few more moments for them to be removed. You can then attempt the install again.
Login to ftrack web interface using the default credentials where username is root and password is 12345
Reconfigure
If you need to restart the service after making changes to the yaml configuration file, run the upgrade command without upgrading the database:
helm upgrade --values ftrack.yaml --set database.autoUpgrade=false ftrack ftrack.tar.gz
Upgrade to a new version
Upgrading to a new version follows a process similar to installation. When you receive a new package for the latest version, run the following Helm upgrade command. It will upgrade the database first, followed by the services.
helm upgrade --timeout 60m --values ftrack.yaml ftrack ftrack.tar.gz
Uninstall
If something goes wrong during installation and you are unable to recover from it, or if you want to take the service offline when upgrading, you can uninstall using the following command:
helm uninstall ftrack
If you wish to install again as a new version, simply rerun the install command. There is no state stored in the cluster, which is why uninstalling and then installing will produce the same result as upgrading.
Uninstalling and installing again quickly can result in an error due to the cluster not being able to remove all objects fast enough. If that happens just wait a little bit longer before installing.
Namespace
All of the Helm commands in this article will install ftrack into the default Kubernetes namespace. To install into another namespace, you need to specify your preferred namespace using the --namespace flag when running Helm commands and kubectl commands interacting with (or adding to) resources added by the Helm chart. If this cluster is dedicated to running ftrack, it is recommended to use the default namespace for simplicity.
Security
Encrypted connection (https)
ftrack works over http, but you should never use it in production without https.
To run ftrack over https you need a signed certificate. The easiest way to obtain a valid certificate is to purchase one from a trusted certificate authority. You can also procure one from the following link for free: https://letsencrypt.org
You can create and sign a certificate yourself, but that often requires more work as all clients connecting to the server must be set up to trust the certificate.
Once you have a certificate, add it to your cluster as a secret. Note that the name of the secret and keys (i.e. "tls.key" and "tls.crt") are important and should not be changed.
kubectl create secret generic ssl-cert --from-file=tls.key=my_tls.key --from-file=tls.crt=my_tls.cert
Next, configure ftrack to use https, like this in your ftrack.yaml file:
ingress:
tls: true
If the certificate is self-signed, add the following to your ftrack.yaml file:
certificate:
selfSigned: true
tls.key should contain the private key. tls.crt should contain the certificate and any additional certificates provided by the signing authority.
After making these changes, be sure to update the url in the ftrack.yaml configuration file to reflect the change from http to https.
After making changes to the ftrack.yaml file, run the reconfigure command to apply the changes.
Database credentials
By default the database is configured with a user ftrack_user and password ftrack_pass. For improved security you should change this to something else and add it to the database config section like:
database:
user: my-username
password: my-password
AirGap
If your Kubernetes cluster is air-gapped from the internet, it will not be able to reach the ftrack image registry. You will need to use your own registry and configure ftrack to use it.
imageRegistry:
server: example.com
username: username
password: password
prefix: example.com/ftrack-registry
The ftrack image registry is provided via Google Cloud's container registry, which has excellent availability and fast access.
To receive the images used for the current ftrack version, use the dry-run argument and grep on image using the following command:
helm install --values config.yaml --debug --dry-run ftrack ftrack-helm | grep image: | tr -d [:blank:] | cut -c 7-
Next, pull, tag and push the images to your own repository. Note that to pull images from the ftrack repository using Docker, you must use the credentials provided by ftrack:
echo "PASSWORD_PROVIDED_BY_FTRACK" | base64 -d | docker login -u _json_key --password-stdin https://gcr.io