Install the nginx-ingress service

All described commands are executed only on the master node!

Add the ingress-nginx repository to Helm:

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

Install nginx in Kubernetes

Attention! The variable MAIN_IF must specify the IP address of the external interface to access the report server.

export MAIN_IF=192.168.1.191
kubectl create namespace nginx

helm upgrade --install  nginx-ingress ingress-nginx/ingress-nginx \
    --create-namespace --namespace nginx \
    --set controller.replicaCount=2 \
    --set controller.service.externalIPs[0]=$MAIN_IF \
    --set controller.extraArgs.v=2

The following command configures nginx in cluster. nginx will accept all incoming requests and forward them to the gateway, which distributes incoming requests to the report server components.

HOST=my.server-server.com
NAMESPACE=fr-corporate-server

cat <<EOF | kubectl apply -n $NAMESPACE -f -
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: $HOST-gateway
  namespace: $NAMESPACE
  annotations:
    ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    nginx.ingress.kubernetes.io/limit-rps: '50'
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/proxy-buffering: 'off'
    nginx.ingress.kubernetes.io/proxy-request-buffering: 'off'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - $HOST
      secretName: corporate-tls-secret
  rules:
    - host: $HOST
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: fr-gateway
                port:
                  number: 80
EOF

Next, you will need an SSL certificate to set up a secure connection. Usually it can be purchased or obtained from a domain name registrar or purchased from a certification center. When using a report server on the intranet, you can create a self-signed certificate using the following command:

export CERT_NAME=my.server-server.com
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout del_me_file.key -out del_me_file.cer -subj "/CN=$CERT_NAME/O=$CERT_NAME"

Register a certificate in Kubernetes named fr-corporate-tls. This certificate is then used by various report components, including nginx.

kubectl create secret tls fr-corporate-tls --key del_me_file.key --cert del_me_file.cer

Register nginx-ingress in a Kubernetes cluster.
You need to set the HOST, variable corresponding to the domain name of the report server.

cat <<EOF | kubectl apply -n $NAMESPACE -f -
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: $HOST-gateway
  namespace: $NAMESPACE
  annotations:
    ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    nginx.ingress.kubernetes.io/limit-rps: '50'
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/proxy-buffering: 'off'
    nginx.ingress.kubernetes.io/proxy-request-buffering: 'off'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - $HOST
      secretName: corporate-tls-secret
  rules:
    - host: $HOST
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: fr-gateway
                port:
                  number: 80
EOF