Specifically in Google Kubernetes Engine (GKE), any ingress resources defined in your cluster will be served by a Google Cloud Load Balancer, so I don't think you have to worry about deploying your own Ingress Controller (e.g. Nginx Ingress Controller).
In terms of TLS, you can use your own certificate if you have one. The certificate must be uploaded to the cluster through a Kubernetes Secret. Once that secret is defined, you can reference that secret in your Ingress definition.
You can create the secret using the following command:
kubectl create secret tls my-app-certs --key /tmp/tls.key --cert /tmp/tls.crt
Once you have your secret, you can reference it in your ingress resource:
- secretName: my-app-certs
Once you have created your ingress resource, GKE will configure the load balancer and give you a publicly accessible IP that you can get using:
kubectl get ingress my-app-ingress