1) It should be OK to have ephemeral IPs for non-control-plane nodes. I was able to get 2 reserved and 2 ephemeral. But if you can only get 1 reserved, then it'd probably be better to have just 1 control-plane node.
2) This setup disables service access by default. There should be a config with values NodePort or ClusterIP that needs to be modified to enable access via service (with the 10000+ port numbers). The Nginx Ingress also needs to be completed to access via ingress.