Why does the Ingress NGINX controller create two Services?

While deploying the NGINX controller, I can see two services:

NAME                                         TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)                      AGE
service/ingress-nginx-controller             LoadBalancer   10.0.56.101   192.168.1.25   80:32300/TCP,443:32464/TCP   7d16h
service/ingress-nginx-controller-admission   ClusterIP      10.0.65.202   <none>         443/TCP                      7d16h

The NGINX ingress controller creates two services because they serve different purposes.

The first service, “ingress-nginx-controller”, is a LoadBalancer service that exposes the ingress controller externally. It gives external clients a stable IP address and DNS name for connecting to the ingress controller. The load balancer service also distributes incoming traffic across multiple controller replicas for better availability and scalability.

The second service, “ingress-nginx-controller-admission”, is a ClusterIP service used for admission control of Ingress resources. It uses the Kubernetes admission control mechanism to intercept Ingress resources, validating and mutating them before the ingress controller processes them. This service runs inside the cluster and is not exposed to external clients.

In short, the first service provides the external entry point for the ingress controller and is responsible for traffic routing and load balancing. The second service is responsible for validating and modifying Ingress resources before the ingress controller processes them.
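
The split described above can be checked mechanically: the admission Service should have no path in from outside the cluster, while the controller Service is exposed by design. The following is an added example, not code from the ingress-nginx project. The function names, the "-admission" suffix match and the sample JSON (constructed from the listing above, in the shape of `kubectl get svc -n ingress-nginx -o json`) are assumptions.

```python
import json

# Constructed sample shaped like `kubectl get svc -n ingress-nginx -o json`,
# using the two Services from the listing above.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "ingress-nginx-controller"},
   "spec": {"type": "LoadBalancer", "clusterIP": "10.0.56.101",
            "ports": [{"port": 80, "nodePort": 32300},
                      {"port": 443, "nodePort": 32464}]},
   "status": {"loadBalancer": {"ingress": [{"ip": "192.168.1.25"}]}}},
  {"metadata": {"name": "ingress-nginx-controller-admission"},
   "spec": {"type": "ClusterIP", "clusterIP": "10.0.65.202",
            "ports": [{"port": 443}]},
   "status": {"loadBalancer": {}}}
]}
""")

def external_exposure(svc):
    """Return the ways a Service is reachable from outside the cluster."""
    spec, status = svc.get("spec", {}), svc.get("status", {})
    ways = []
    if spec.get("type") in ("LoadBalancer", "NodePort"):
        ways.append("type=" + spec["type"])
    if spec.get("externalIPs"):
        ways.append("externalIPs=" + ",".join(spec["externalIPs"]))
    node_ports = [str(p["nodePort"]) for p in spec.get("ports", []) if p.get("nodePort")]
    if node_ports:
        ways.append("nodePorts=" + ",".join(node_ports))
    lb = status.get("loadBalancer", {}).get("ingress") or []
    if lb:
        ways.append("lb=" + ",".join(i.get("ip") or i.get("hostname", "?") for i in lb))
    return ways

def audit(service_list, admission_suffix="-admission"):
    """Flag admission Services that are exposed; list what is exposed by design."""
    findings, exposed = [], {}
    for svc in service_list.get("items", []):
        name, ways = svc["metadata"]["name"], external_exposure(svc)
        if name.endswith(admission_suffix) and ways:
            findings.append(f"{name}: admission webhook exposed ({'; '.join(ways)})")
        elif ways:
            exposed[name] = ways
    return findings, exposed

if __name__ == "__main__":
    findings, exposed = audit(SAMPLE)
    print("exposed by design:", exposed)
    print("findings:", findings or "none")
```

To run it against a live cluster, replace SAMPLE with the parsed output of the kubectl command named in the comment.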