部署控制器的方式有两种：
● 使用deployment + service(NodePort/LoadBalancer)
● 使用daemonset
一般情况，在私有云环境中，更加推荐使用daemonset，在公有云可以使用 deployment。这里以daemon为例：

[root@maxiaoke nginxinc-ingress]# kubectl label nodes ubuntu-2004-104 ingress-controller/nginx=yes
[root@maxiaoke nginxinc-ingress]# kubectl label nodes ubuntu-2004-105 ingress-controller/nginx=yes
[root@maxiaoke nginxinc-ingress]# kubectl label nodes ubuntu-2004-106 ingress-controller/nginx=yes
[root@maxiaoke nginxinc-ingress]# kubectl apply -f daemon-set/nginx-ingress.yaml

daemon-set/nginx-ingress.yaml:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx-ingress
  namespace: nginx-ingress
spec:
  selector:
    matchLabels:
      app: nginx-ingress
  template:
    metadata:
      labels:
        app: nginx-ingress
     #annotations:                        # 如果prometheus是通过注释采集日志，则需要打开
       #prometheus.io/scrape: "true"
       #prometheus.io/port: "9113"
       #prometheus.io/scheme: http
    spec:
      serviceAccountName: nginx-ingress
      containers:
      - image: nginx/nginx-ingress:2.2.0  # 不带链路追踪的镜像，链路跟踪后续演示
        imagePullPolicy: IfNotPresent
        name: nginx-ingress
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: readiness-port
          containerPort: 8081
        - name: prometheus
          containerPort: 9113
        readinessProbe:
         httpGet:
           path: /nginx-ready
           port: readiness-port
         periodSeconds: 1
        securityContext:
          allowPrivilegeEscalation: true
          runAsUser: 101 #nginx
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: TZ                      # 指定时区，方便查看日志
          value: Asia/Shanghai
        args:
          - -nginx-configmaps=$(POD_NAMESPACE)/nginx-config
          - -default-server-tls-secret=$(POD_NAMESPACE)/default-server-secret
          - -wildcard-tls-secret=$(POD_NAMESPACE)/default-server-secret        # 指定默认证书，当ingress中声明TLS却没有指定secretName时使用该证书
          - -enable-prometheus-metrics  # 启用prometheus指标
          - -enable-snippets            # 支持通过注释插入代码片段
          - -health-status              # 开启健康状态检查接口，方便前端LB对它健康检查
          - -enable-latency-metrics     # 开启延迟指标监控
      nodeSelector:
        ingress-controller/nginx: "yes" # 选择部署的节点，即使是daemonset也不是所有worker节点都部署