When it comes to exposing apps over HTTPS, Ingress is the best way to do it. It specifies the resource for a backend service, and because of this your application is exposed as a Kubernetes service.
Now, specifically in Google Kubernetes Engine, any ingress resources defined in your cluster will be served by a Google Cloud Load Balancer, so you need not define any new ingress.
As you mentioned TLS, you can also use your own certificate, which should be uploaded to the cluster through a Kubernetes secret. Uploading through a secret can be done with the following command:
kubectl create secret tls my-app-certs --key /tmp/tls.key --cert /tmp/tls.crt
You can define the address of the key and certificate (here tls.key and tls.crt are the key and certificate respectively). Now that you have defined the certificate in a secret, you can mention it in your ingress:
# Note: extensions/v1beta1 Ingress was removed in Kubernetes 1.22.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: my-app-ingress
spec:
  tls:
  - secretName: my-app-certs   # TLS secret created with kubectl above
  backend:                     # default backend Service for all traffic
    serviceName: s1
    servicePort: 80
After setting up this ingress, Google Kubernetes Engine will allocate a public IP address. To get that IP, run:
kubectl get ingress my-app-ingress
It will give the public IP. Please refer to:
https://cloud.google.com/kubernetes-engine/docs/tutorials/http-balancer
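The following is an added example, not part of the original answer: a pre-flight check to run on the key and certificate before uploading them with `kubectl create secret tls`. The function name `check_tls_pair`, its return codes and the 30-day expiry threshold are assumptions made for illustration; it relies only on the `openssl` and `stat` command-line tools.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the key/certificate pair before
# `kubectl create secret tls`. Function name and thresholds are assumptions.

# check_tls_pair KEY CERT [MIN_DAYS]
# Returns 0 when the pair is safe to upload, otherwise prints the reason
# to stderr and returns: 1 = unreadable/invalid file, 2 = key and certificate
# do not match, 3 = certificate expires within MIN_DAYS, 4 = key file is
# readable by group or others.
check_tls_pair() {
    local key=$1 cert=$2 min_days=${3:-30} key_pub cert_pub mode

    # Both files must parse as a PEM private key and an X.509 certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 1; }

    # The certificate must carry the public half of this private key.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "certificate does not match private key" >&2; return 2
    fi

    # -checkend N fails when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 3
    fi

    # A key staged in a shared directory such as /tmp should be owner-only.
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case $mode in
        *00) ;;
        *) echo "private key mode is $mode, expected 600 or 400" >&2; return 4 ;;
    esac
}

# Usage with the paths from the command above:
#   check_tls_pair /tmp/tls.key /tmp/tls.crt &&
#     kubectl create secret tls my-app-certs --key /tmp/tls.key --cert /tmp/tls.crt
```

Once the secret has been created, delete the staged copy of the private key from /tmp.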