vesoft-inc · abby-cyber · Nov 12, 2021 · Nov 11, 2021 · Nov 11, 2021 · Nov 11, 2021
diff --git a/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md b/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md
@@ -148,13 +148,13 @@ kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never
 
 ## 通过`Ingress`在Nebula Graph集群外部连接Nebula Graph数据库
 
-Nginx Ingress是Kubernetes Ingress的一个实现。Nginx Ingress观察Kubernetes集群的Ingress资源，将Ingress规则生成Nginx配置，使Nginx能够转发第7层流量。
+Nginx Ingress是Kubernetes Ingress的一个实现。Nginx Ingress通过Watch机制感知Kubernetes集群的Ingress资源，将Ingress规则生成Nginx配置，使Nginx能够转发7层流量。
 
 用户可以通过HostNetwork和DaemonSet组合的模式使用Nginx Ingress从集群外部连接Nebula Graph集群。
 
-由于使用了HostNetwork，Nginx Ingress pods不能被安排在同一个节点上。为了避免监听端口冲突，可以事先选择一些节点并将其标记为边缘节点，专门用于部署Nginx Ingress。 然后，Nginx Ingress以DaemonSet模式部署在这些节点上。
+由于使用HostNetwork，Nginx Ingress的Pod就不能被调度在同一个节点上。为了避免监听端口冲突，可以事先选择一些节点并将其标记为边缘节点，专门用于部署Nginx Ingress。然后Nginx Ingress以DaemonSet模式部署在这些节点上。
 
-由于Ingress不支持TCP或UDP服务，为此nginx-ingress-controller使用`--tcp-services-configmap`和`--udp-services-configmap`参数指向一个ConfigMap，该ConfigMap中的键指需要使用的外部端口，值指要公开的服务的格式，值的格式为`<命名空间/服务名称>：<服务端口>`。
+由于Ingress不支持TCP或UDP服务，为此nginx-ingress-controller使用`--tcp-services-configmap`和`--udp-services-configmap`参数指向一个ConfigMap，该ConfigMap中的键指需要使用的外部端口，值指要公开的服务的格式，值的格式为`<命名空间/服务名称>:<服务端口>`。
 
 例如指向名为`tcp-services`的ConfigMap的配置如下：
 
@@ -195,377 +195,11 @@ spec:
 - `port`的值`9769`指外部端口，用户可自行设置。
 - `targetPort`的值`9669`指要连接的graphd服务的端口。
 
-完整的示例及操作步骤如下：
+操作步骤如下：
 
-1. 创建名为`nginx-ingress-daemonset-hostnetwork.yaml`的文件。YAML文件内容如下：
+1. 创建名为`nginx-ingress-daemonset-hostnetwork.yaml`的文件。
 
-  ```yaml
-  apiVersion: v1
-  kind: ConfigMap
-  metadata:
-    name: nginx-ingress-controller
-    namespace: nginx-ingress
-  data:
-    keep-alive-requests: "100"
-    upstream-keepalive-connections: "200"
-    max-worker-connections: "65536"
-  ---
-  apiVersion: v1
-  kind: ConfigMap
-  metadata:
-    name: tcp-services
-    namespace: nginx-ingress
-  data:
-    9769: "default/nebula-graphd-svc:9669"
-  ---
-  apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress
-    namespace: nginx-ingress
-  ---
-  apiVersion: v1
-  kind: ServiceAccount
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress-backend
-    namespace: nginx-ingress
-  ---
-  apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRole
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress
-  rules:
-    - apiGroups:
-        - ""
-      resources:
-        - configmaps
-        - endpoints
-        - nodes
-        - pods
-        - secrets
-      verbs:
-        - list
-        - watch
-    - apiGroups:
-        - ""
-      resources:
-        - nodes
-      verbs:
-        - get
-    - apiGroups:
-        - ""
-      resources:
-        - services
-      verbs:
-        - get
-        - list
-        - update
-        - watch
-    - apiGroups:
-        - extensions
-        - "networking.k8s.io" # k8s 1.14+
-      resources:
-        - ingresses
-      verbs:
-        - get
-        - list
-        - watch
-    - apiGroups:
-        - ""
-      resources:
-        - events
-      verbs:
-        - create
-        - patch
-    - apiGroups:
-        - extensions
-        - "networking.k8s.io" # k8s 1.14+
-      resources:
-        - ingresses/status
-      verbs:
-        - update
-  ---
-  apiVersion: rbac.authorization.k8s.io/v1
-  kind: ClusterRoleBinding
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: nginx-ingress
-  subjects:
-    - kind: ServiceAccount
-      name: nginx-ingress
-      namespace: nginx-ingress
-  ---
-  apiVersion: rbac.authorization.k8s.io/v1
-  kind: Role
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress
-    namespace: nginx-ingress
-  rules:
-    - apiGroups:
-        - ""
-      resources:
-        - namespaces
-      verbs:
-        - get
-    - apiGroups:
-        - ""
-      resources:
-        - configmaps
-        - pods
-        - secrets
-        - endpoints
-      verbs:
-        - get
-        - list
-        - watch
-    - apiGroups:
-        - ""
-      resources:
-        - services
-      verbs:
-        - get
-        - list
-        - update
-        - watch
-    - apiGroups:
-        - extensions
-        - "networking.k8s.io" # k8s 1.14+
-      resources:
-        - ingresses
-      verbs:
-        - get
-        - list
-        - watch
-    - apiGroups:
-        - extensions
-        - "networking.k8s.io" # k8s 1.14+
-      resources:
-        - ingresses/status
-      verbs:
-        - update
-    - apiGroups:
-        - ""
-      resources:
-        - configmaps
-      resourceNames:
-        - ingress-controller-leader-nginx
-      verbs:
-        - get
-        - update
-    - apiGroups:
-        - ""
-      resources:
-        - configmaps
-      verbs:
-        - create
-    - apiGroups:
-        - ""
-      resources:
-        - endpoints
-      verbs:
-        - create
-        - get
-        - update
-    - apiGroups:
-        - ""
-      resources:
-        - events
-      verbs:
-        - create
-        - patch
-  ---
-  apiVersion: rbac.authorization.k8s.io/v1
-  kind: RoleBinding
-  metadata:
-    labels:
-      app: nginx-ingress
-    name: nginx-ingress
-    namespace: nginx-ingress
-  roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: Role
-    name: nginx-ingress
-  subjects:
-    - kind: ServiceAccount
-      name: nginx-ingress
-      namespace: nginx-ingress
-  ---
-  apiVersion: v1
-  kind: Service
-  metadata:
-    labels:
-      app: nginx-ingress
-      component: controller
-    name: nginx-ingress-controller-metrics
-    namespace: nginx-ingress
-  spec:
-    ports:
-      - name: metrics
-        port: 9913
-        targetPort: metrics
-    selector:
-      app: nginx-ingress
-      component: controller
-    type: "ClusterIP"
-  ---
-  apiVersion: v1
-  kind: Service
-  metadata:
-    labels:
-      app: nginx-ingress
-      component: default-backend
-    name: nginx-ingress-default-backend
-    namespace: nginx-ingress
-  spec:
-    ports:
-      - name: http
-        port: 80
-        protocol: TCP
-        targetPort: http
-    selector:
-      app: nginx-ingress
-      component: default-backend
-    type: "ClusterIP"
-  ---
-  apiVersion: v1
-  kind: Service
-  metadata:
-    labels:
-      app: nginx-ingress
-      component: default-backend
-    name: nginx-ingress-proxy-tcp
-    namespace: nginx-ingress
-  spec:
-    ports:
-      - name: proxied-tcp
-        port: 9769
-        protocol: TCP
-        targetPort: 9669
-    selector:
-      app: nginx-ingress
-      component: default-backend
-    type: "ClusterIP"
-  ---
-  apiVersion: apps/v1
-  kind: DaemonSet
-  metadata:
-    labels:
-      app: nginx-ingress
-      component: controller
-    name: nginx-ingress-controller
-    namespace: nginx-ingress
-  spec:
-    selector:
-      matchLabels:
-        app: nginx-ingress
-        component: controller
-    template:
-      metadata:
-        labels:
-          app: nginx-ingress
-          component: controller
-      spec:
-        dnsPolicy: ClusterFirst
-        initContainers:
-          - name: setsysctl
-            image: busybox
-            securityContext:
-              privileged: true
-            command:
-              - sh
-              - -c
-              - |
-                sysctl -w net.core.somaxconn=65535
-                sysctl -w net.ipv4.ip_local_port_range="1024 65535"
-                sysctl -w net.ipv4.tcp_tw_reuse=1
-                sysctl -w fs.file-max=1048576
-        containers:
-          - name: nginx-ingress-controller
-            image: "ccr.ccs.tencentyun.com/mirrors/nginx-ingress-controller:v0.34.1"
-            imagePullPolicy: IfNotPresent
-            args:
-              - /nginx-ingress-controller
-              - --default-backend-service=$(POD_NAMESPACE)/nginx-ingress-default-backend
-              - --election-id=ingress-controller-leader
-              - --ingress-class=nginx
-              - --configmap=$(POD_NAMESPACE)/nginx-ingress-controller
-              - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
-            securityContext:
-              capabilities:
-                drop:
-                  - ALL
-                add:
-                  - NET_BIND_SERVICE
-              runAsUser: 101
-              allowPrivilegeEscalation: true
-            env:
-              - name: POD_NAME
-                valueFrom:
-                  fieldRef:
-                    fieldPath: metadata.name
-              - name: POD_NAMESPACE
-                valueFrom:
-                  fieldRef:
-                    fieldPath: metadata.namespace
-            livenessProbe:
-              httpGet:
-                path: /healthz
-                port: 10254
-                scheme: HTTP
-              initialDelaySeconds: 10
-              periodSeconds: 10
-              timeoutSeconds: 1
-              successThreshold: 1
-              failureThreshold: 3
-            ports:
-              - name: http
-                containerPort: 80
-                protocol: TCP
-              - name: proxied-tcp
-                containerPort: 9769
-                protocol: TCP
-              - name: https
-                containerPort: 443
-                protocol: TCP
-              - name: metrics
-                containerPort: 10254
-                protocol: TCP
-            readinessProbe:
-              httpGet:
-                path: /healthz
-                port: 10254
-                scheme: HTTP
-              initialDelaySeconds: 10
-              periodSeconds: 10
-              timeoutSeconds: 1
-              successThreshold: 1
-              failureThreshold: 3
-        hostNetwork: true
-        affinity:
-          nodeAffinity:
-            requiredDuringSchedulingIgnoredDuringExecution:
-              nodeSelectorTerms:
-                - matchExpressions:  //为运行该DaemonSet的节点指定标签。
-                    - key: nginx-ingress
-                      operator: In
-                      values:
-                        - "true"
-        serviceAccountName: nginx-ingress
-        terminationGracePeriodSeconds: 60  
-  ```
+  单击[nginx-ingress-daemonset-hostnetwork.yaml](https://github.com/vesoft-inc/nebula-operator/blob/{{operator.branch}}/config/samples/nginx-ingress-daemonset-hostnetwork.yaml)查看完整的YAML示例内容。
 
   !!! note