vesoft-inc · cooper-lzy · Nov 16, 2021 · Nov 11, 2021 · Nov 11, 2021 · Nov 12, 2021
diff --git a/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md b/docs-2.0/nebula-operator/4.connect-to-nebula-graph-service.md
@@ -25,9 +25,14 @@ When a Nebula Graph cluster is created, Nebula Operator automatically creates a
 2. Run the following command to connect to the Nebula Graph database using the IP of the `<cluster-name>-graphd-svc` Service above:
 
   ```bash
-  kubectl run -ti --image vesoft/nebula-console:v2.5.0 --restart=Never -- <nebula-console> -addr <10.98.213.34>  -port 9669 -u <root> -p <vesoft>
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- <nebula_console_name> -addr <cluster_ip>  -port <service_port> -u <username> -p <password>
   ```
 
+  For example:
+
+  ```bash
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- nebula-console -addr 10.98.213.34  -port 9669 -u root -p vesoft
+
   - `--image`: The image for the tool Nebula Console used to connect to Nebula Graph databases.
   - `<nebula-console>`: The custom Pod name.
   - `-addr`: The IP of the `ClusterIP` Service, used to connect to Graphd services.
@@ -46,14 +51,14 @@ When a Nebula Graph cluster is created, Nebula Operator automatically creates a
 You can also connect to Nebula Graph databases with **Fully Qualified Domain Name (FQDN)**. The domain format is `<cluster-name>-graphd.<cluster-namespace>.svc.<CLUSTER_DOMAIN>`:
 
 ```bash
-kubectl run -ti --image vesoft/nebula-console:v2.5.0 --restart=Never -- <nebula-console> -addr <cluster_name>-graphd-svc.default.svc.cluster.local -port 9669 -u root -p vesoft
+kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- <nebula_console_name> -addr <cluster_name>-graphd-svc.default.svc.cluster.local -port <service_port> -u <username> -p <password>
 ```
 
 The default value of `CLUSTER_DOMAIN` is `cluster.local`.
 
-## Connect to Nebula Graph databases from outside a Nebula Graph cluster
+## Connect to Nebula Graph databases from outside a Nebula Graph cluster via `NodePort`
 
-You can create a Service of type `NodePort` to connect to Nebula Graph databases from outside a Nebula Graph cluster with a node IP and an exposed node port. You can also use load balancing software provided by cloud providers and set the Service of type `LoadBalancer`.
+You can create a Service of type `NodePort` to connect to Nebula Graph databases from outside a Nebula Graph cluster with a node IP and an exposed node port. You can also use load balancing software provided by cloud providers (such as Azure, AWS, etc.) and set the Service of type `LoadBalancer`.
 
 The Service of type `NodePort` forwards the front-end requests via the label selector `spec.selector` to Graphd pods with labels `app.kubernetes.io/cluster: <cluster-name>` and `app.kubernetes.io/component: graphd`.
 
@@ -121,13 +126,13 @@ Steps:
 4. Connect to Nebula Graph databases with your node IP and the node port above.
 
   ```bash
-  kubectl run -ti --image vesoft/nebula-console:v2.5.0 --restart=Never -- <nebula-console> -addr <node_ip> -port <node_port> -u root -p vesoft
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- <nebula_console_name> -addr <node_ip> -port <node_port> -u <username> -p <password>
   ```
 
-  Example:
+  For example:
 
   ```bash
-  [root@k8s4 ~]# kubectl run -ti --image vesoft/nebula-console:v2.5.0 --restart=Never -- nebula-console2 -addr 192.168.8.24 -port 32236 -u root -p vesoft
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- nebula-console2 -addr 192.168.8.24 -port 32236 -u root -p vesoft
   If you don't see a command prompt, try pressing enter.
 
   (root@nebula) [(none)]>
@@ -139,4 +144,93 @@ Steps:
   - `-port`: The mapped port of Nebula Graph databases on all cluster nodes. The above example uses `32236`.
   - `-u`: The username of your Nebula Graph account. Before enabling authentication, you can use any existing username. The default username is root.
   - `-p`: The password of your Nebula Graph account. Before enabling authentication, you can use any characters as the password.
-
+
+## Connect to Nebula Graph databases from outside a Nebula Graph cluster via Ingress
+
+Nginx Ingress is an implementation of Kubernetes Ingress. Nginx Ingress watches the Ingress resource of a Kubernetes cluster and generates the Ingress rules into Nginx configurations that enable Nginx to forward 7 layers of traffic.
+
+You can use Nginx Ingress to connect to a Nebula Graph cluster from outside the cluster using a combination of the HostNetwork and DaemonSet pattern.
+
+As HostNetwork is used，the Nginx Ingress pod cannot be scheduled to the same node. To avoid listening port conflicts, some nodes can be selected and labeled as edge nodes in advance, which are specially used for Nginx Ingress deployment. Nginx Ingress is then deployed on these nodes in a DaemonSet mode.
+
+Ingress does not support TCP or UDP services. For this reason，the nginx-ingress-controller pod uses the flags `--tcp-services-configmap` and `--udp-services-configmap` to point to an existing ConfigMap where the key refers to the external port to be used and the value refers to the format of the service to be exposed. The format of the value `<namespace/service_name>:<service_port>`.
+
+For example, the configurations of the ConfigMap named as `tcp-services` is as follows:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: tcp-services
+  namespace: nginx-ingress
+data:
+  # update 
+  9769: "default/nebula-graphd-svc:9669"
+```
+
+Steps are as follows.
+
+1. Create a file named `nginx-ingress-daemonset-hostnetwork.yaml`. The YAML file reads as follows:
+
+  Click on [nginx-ingress-daemonset-hostnetwork.yaml](https://github.com/vesoft-inc/nebula-operator/blob/{{operator.branch}}/config/samples/nginx-ingress-daemonset-hostnetwork.yaml) to view the complete content of the example YAML file.
+
+  !!! note
+
+        The resource objects in the YAML file above use the namespace `nginx-ingress`. You can run `kubectl create namespace nginx-ingress` to create this namespace, or you can custom a different namespace.
+
+2. Label a node where runs the DaemonSet named `nginx-ingress-controller` in the above YAML file (The node used in this example is named `worker2` with an IP of `192.168.8.160`).
+
+  ```bash
+  kubectl label node worker2 nginx-ingress=true
+  ```
+
+3. Run the following command to enable Nginx Ingress in the cluster you created. 
+
+  ```bash
+  kubectl create -f nginx-ingress-daemonset-hostnetwork.yaml
+  ```
+
+  Output:
+
+  ```bash
+  configmap/nginx-ingress-controller created
+  configmap/tcp-services created
+  serviceaccount/nginx-ingress created
+  serviceaccount/nginx-ingress-backend created
+  clusterrole.rbac.authorization.k8s.io/nginx-ingress created
+  clusterrolebinding.rbac.authorization.k8s.io/nginx-ingress created
+  role.rbac.authorization.k8s.io/nginx-ingress created
+  rolebinding.rbac.authorization.k8s.io/nginx-ingress created
+  service/nginx-ingress-controller-metrics created
+  service/nginx-ingress-default-backend created
+  service/nginx-ingress-proxy-tcp created
+  daemonset.apps/nginx-ingress-controller created
+  ```
+
+  Since the network type is configured in Nginx Ingress is `hostNetwork`, after successfully deploying Nginx Ingress, you can access Nebula Graph through the IP (`192.168.8.160`) of the node where Nginx Ingress deployed and the external port (`9769`) you define.
+
+4. Run the following command to create a console used to connect to Nebula Graph and to access Nebula Graph databases with the IP (`192.168.8.160`) of the node where Nginx Ingress deployed and the external port you define.
+
+  ```bash
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- <nebula_console_name> -addr <host_ip> -port <external_port> -u <username> -p <password>
+  ```
+
+  Output:
+
+  ```bash
+  kubectl run -ti --image vesoft/nebula-console:{{console.branch}} --restart=Never -- nebula-console -addr 192.168.8.160 -port 9769 -u root -p vesoft
+  ```
+
+  - `--image`: The image for the tool Nebula Console used to connect to Nebula Graph databases.
+  - `<nebula-console>` The custom Pod name. The above example uses `nebula-console`.
+  - `-addr`: The IP of the node where Nginx Ingress is deployed. The above example uses `192.168.8.160`.
+  - `-port`: The port used for external network access. The above example uses `9769`.
+  - `-u`: The username of your Nebula Graph account. Before enabling authentication, you can use any existing username. The default username is root.
+  - `-p`: The password of your Nebula Graph account. Before enabling authentication, you can use any characters as the password.
+
+  A successful connection to the database is indicated if the following is returned:
+
+  ```bash
+  If you don't see a command prompt, try pressing enter.
+  (root@nebula) [(none)]>
+  ```