diff --git a/ingress/single-cluster/ingress-cloudarmor/cleanup.sh b/ingress/single-cluster/ingress-cloudarmor/cleanup.sh
new file mode 100755
index 00000000..c55eebc1
--- /dev/null
+++ b/ingress/single-cluster/ingress-cloudarmor/cleanup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-cloudarmor"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-cloudarmor/cloudarmor-ingress.yaml"
+policy_name="allow-my-ip"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "cloudarmor-test" "${test_name}"
+
+sed -i'.bak' "s/${policy_name}/\$POLICY_NAME/g" "${resource_yaml}"
+rm -f "${resource_yaml}".bak
+gcloud compute security-policies delete "${policy_name}" --quiet || true
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-cloudarmor/run-test.sh b/ingress/single-cluster/ingress-cloudarmor/run-test.sh
new file mode 100755
index 00000000..d060e642
--- /dev/null
+++ b/ingress/single-cluster/ingress-cloudarmor/run-test.sh
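Review bot: The context lookup `context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")` builds the jq program by string interpolation and matches with the regex `test`, so a suffix that occurs in more than one context name yields several newline-separated names and every later `kubectl --context "${context}"` then fails under errexit. Pass the value as data and take one exact match instead: `context=$(kubectl config view -o json | jq -r --arg s "-${suffix}" 'first(.contexts[] | select(.name | endswith($s)) | .name)')`. The identical line is repeated in the other eleven shell files added by this diff, so the change applies to each of them.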
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-cloudarmor"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "cloudarmor-test" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}/whereami" 200
+check_http_status "${vip}" 404
+check_http_status "${vip}/whereami" 502 "" "${test_name}" "${zone}"
+check_http_status "${vip}" 404 "" "${test_name}" "${zone}"
diff --git a/ingress/single-cluster/ingress-cloudarmor/setup.sh b/ingress/single-cluster/ingress-cloudarmor/setup.sh
new file mode 100755
index 00000000..d83c1960
--- /dev/null
+++ b/ingress/single-cluster/ingress-cloudarmor/setup.sh
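Review bot: The same path `${vip}/whereami` is expected to return 200 in the first `check_http_status` call and 502 in the third, and nothing in the file says why; presumably the first pair is sent from the runner whose egress IP setup.sh allow-listed and the second pair, via the extra `"${test_name}" "${zone}"` arguments, from inside the zone where the default `deny-502` rule applies (check_http_status is in helper.sh, outside this diff). A comment above the four calls, `# Runner IP is allow-listed (200/404); requests sourced from the zone hit the default deny-502 rule`, would make the intent of the assertions checkable by the next reader.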
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-cloudarmor"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-cloudarmor/cloudarmor-ingress.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+currentIP=$(curl -s ifconfig.me)
+policy_name="allow-my-ip"
+gcloud compute security-policies create "${policy_name}"
+gcloud compute security-policies rules update 2147483647 --security-policy "${policy_name}" --action "deny-502" # Update the default policy(2147483647 is the priority value for default rule).
+gcloud compute security-policies rules create 1000 --security-policy "${policy_name}" --src-ip-ranges "${currentIP}" --action "allow"
+sed -i'.bak' "s/\$POLICY_NAME/${policy_name}/g" "${resource_yaml}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/ingress/single-cluster/ingress-custom-default-backend/cleanup.sh b/ingress/single-cluster/ingress-custom-default-backend/cleanup.sh
new file mode 100755
index 00000000..fecff00b
--- /dev/null
+++ b/ingress/single-cluster/ingress-custom-default-backend/cleanup.sh
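Review bot: `currentIP=$(curl -s ifconfig.me)` fetches the runner's egress address over plain HTTP from a third-party service and, because `-s` also hides HTTP errors, feeds whatever comes back unvalidated into the Cloud Armor `allow` rule as `--src-ip-ranges`; a transport error, an HTML error page or a tampered reply ends up as the allow-listed source. Use HTTPS, fail on HTTP errors and check the shape before the value reaches gcloud: `currentIP=$(curl -fsS https://ifconfig.me)`, then `ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'` and `[[ "${currentIP}" =~ ${ipv4_re} ]] || { echo "unexpected egress IP: ${currentIP}" >&2; exit 1; }`. The `sed -i'.bak'` also rewrites a tracked manifest in place and relies on cleanup.sh to restore the `$POLICY_NAME` placeholder and delete the `.bak`; a one-line comment stating that dependency would help whoever runs setup without cleanup.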
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-custom-default-backend"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-custom-default-backend/ingress-custom-default-backend.yaml"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "foo-internal" "${test_name}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-custom-default-backend/run-test.sh b/ingress/single-cluster/ingress-custom-default-backend/run-test.sh
new file mode 100755
index 00000000..3edbb48c
--- /dev/null
+++ b/ingress/single-cluster/ingress-custom-default-backend/run-test.sh
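Review bot: The matching setup.sh (two hunks below) calls `setup_ilb "${test_name}" "${subnet_region}"`, but this cleanup only runs `cleanup_gke_basic`; unless that helper also tears down whatever `setup_ilb` provisions (helper.sh is not part of this diff), those resources leak after every run. Either mirror the setup with the corresponding ILB teardown helper before `cleanup_gke_basic`, or add a comment such as `# cleanup_gke_basic also removes the setup_ilb resources` so the asymmetry is documented rather than accidental.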
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-custom-default-backend"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "foo-internal" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}/foo" 200 "" "${test_name}" "${zone}"
+check_http_status "${vip}/bar" 200 "" "${test_name}" "${zone}"
diff --git a/ingress/single-cluster/ingress-custom-default-backend/setup.sh b/ingress/single-cluster/ingress-custom-default-backend/setup.sh
new file mode 100755
index 00000000..d0cbe7fa
--- /dev/null
+++ b/ingress/single-cluster/ingress-custom-default-backend/setup.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-custom-default-backend"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+setup_ilb "${test_name}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-custom-default-backend/ingress-custom-default-backend.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/ingress/single-cluster/ingress-https/cleanup.sh b/ingress/single-cluster/ingress-https/cleanup.sh
new file mode 100755
index 00000000..2b3910c2
--- /dev/null
+++ b/ingress/single-cluster/ingress-https/cleanup.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-https"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-https/secure-ingress.yaml"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "secure-ingress" "${test_name}"
+
+sed -i'.bak' "s/${https_record1}/foo.\${DOMAIN}.com/g" "${resource_yaml}"
+sed -i'.bak' "s/${https_record2}/bar.\${DOMAIN}.com/g" "${resource_yaml}"
+rm -f "${resource_yaml}".bak
+gcloud compute ssl-policies delete gke-ingress-ssl-policy --quiet || true
+gcloud compute addresses delete --global gke-foobar-public-ip --quiet || true
+gcloud dns --project="${dns_project}" record-sets delete "${https_record1}" --zone="${dns_zone}" --type="A" || true
+gcloud dns --project="${dns_project}" record-sets delete "${https_record2}" --zone="${dns_zone}" --type="A" || true
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-https/run-test.sh b/ingress/single-cluster/ingress-https/run-test.sh
new file mode 100755
index 00000000..2f3a7c9b
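Review bot: The names `gke-ingress-ssl-policy` and `gke-foobar-public-ip` are project-global and carry no per-run suffix, unlike the cluster whose context is derived from `get_hash`, so two concurrent runs of this test share one SSL policy and one static address and each cleanup deletes them from under the other; the same literals are created in setup.sh (the third hunk from here). Suffixing them, e.g. `static_ip_name="gke-foobar-public-ip-${suffix}"` in setup and the same expression in the two delete lines here, removes the collision, and if the manifest references the address by name the same substitution has to be applied to it as is already done for the hostnames. Separately, `${https_record1}` and `${https_record2}` are spliced into the sed patterns unescaped: the dots match any character, which is harmless here, but a `/` or `&` in a record name from test.conf would break the expression rather than fail loudly.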
--- /dev/null
+++ b/ingress/single-cluster/ingress-https/run-test.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-https"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "secure-ingress" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+wait_for_managed_cert "foobar-certificate" "ingress-https" "${context}"
+
+check_http_status "https://${https_record1}" 200
+check_http_status "https://${https_record2}" 200
+check_http_status "http://${https_record1}" 301
+check_http_status "http://${https_record2}" 301
diff --git a/ingress/single-cluster/ingress-https/setup.sh b/ingress/single-cluster/ingress-https/setup.sh
new file mode 100755
index 00000000..7fc4ed2b
--- /dev/null
+++ b/ingress/single-cluster/ingress-https/setup.sh
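Review bot: `wait_for_managed_cert "foobar-certificate" "ingress-https" "${context}"` hard-codes a namespace that every other call in the file takes from `${test_name}`, so a rename of the test would leave this wait pointed at a namespace nothing is created in. Assuming the second argument is the namespace, as it is for `wait_for_ingress_ip` on the line above, change it to `wait_for_managed_cert "foobar-certificate" "${test_name}" "${context}"`.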
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-https"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-https/secure-ingress.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+static_ip_name=gke-foobar-public-ip
+gcloud compute addresses create --global "${static_ip_name}"
+static_ip=$(gcloud compute addresses describe --global "${static_ip_name}" --format="value(address)")
+gcloud compute ssl-policies create gke-ingress-ssl-policy --profile MODERN --min-tls-version 1.2
+
+gcloud dns --project="${dns_project}" record-sets create "${https_record1}" --zone="${dns_zone}" --type="A" --ttl="14400" --rrdatas="${static_ip}"
+gcloud dns --project="${dns_project}" record-sets create "${https_record2}" --zone="${dns_zone}" --type="A" --ttl="14400" --rrdatas="${static_ip}"
+
+sed -i'.bak' "s/foo.\${DOMAIN}.com/${https_record1}/g" "${resource_yaml}"
+sed -i'.bak' "s/bar.\${DOMAIN}.com/${https_record2}/g" "${resource_yaml}"
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
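Review bot: The two A records are created with `--ttl="14400"` for an address that cleanup.sh releases at the end of the run, so resolvers may keep the old answer for up to four hours and a rerun that reuses `${https_record1}`/`${https_record2}` with a freshly allocated address can fail its HTTPS checks against the stale cached IP. A short TTL such as `--ttl="300"` fits records that only live for one test run. The two `sed -i'.bak'` edits also leave `.bak` files next to the tracked manifest and depend on cleanup.sh to remove them and restore the `foo.${DOMAIN}.com` placeholders; a one-line comment naming that dependency would help whoever runs setup on its own.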
diff --git a/ingress/single-cluster/ingress-nginx/README.md b/ingress/single-cluster/ingress-nginx/README.md
index bcfa7fd1..85f10f3b 100644
--- a/ingress/single-cluster/ingress-nginx/README.md
+++ b/ingress/single-cluster/ingress-nginx/README.md
@@ -19,10 +19,12 @@ GKE allows customers to deploy their own Ingress Controllers instead of the stan
 - 1.16.5-gke.1 and later.
+## Note
+NGINX is not one of the GKE offering, this is just an exmaple of using custom controller.
 ### Networking Manifests
-In this example an internal Ingress resource matches for HTTP traffic with `foo.example.com` for path `/foo` and sends it to the `foo` Service at port 8080. A public IP address is automatically provisioned by the Ngnix controller which listens for traffic on port 8080. The Ingress resource below shows that there is one host match. Any traffic which does not match this is sent to the default backend to provide 404 responses.
+In this example an external Ingress resource matches for HTTP traffic with `foo.example.com` for path `/foo` and sends it to the `foo` Service at port 8080. A public IP address is automatically provisioned by the Ngnix controller which listens for traffic on port 8080. The Ingress resource below shows that there is one host match. Any traffic which does not match this is sent to the default backend to provide 404 responses.
 ```yaml
diff --git a/ingress/single-cluster/ingress-nginx/cleanup.sh b/ingress/single-cluster/ingress-nginx/cleanup.sh
new file mode 100755
index 00000000..dddcc79a
--- /dev/null
+++ b/ingress/single-cluster/ingress-nginx/cleanup.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-nginx"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-nginx/ingress-nginx.yaml"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+
+kubectl --context "${context}" delete -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml || true
+kubectl --context "${context}" delete clusterrolebinding cluster-admin-binding || true
+
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "foo-external" "${test_name}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-nginx/run-test.sh b/ingress/single-cluster/ingress-nginx/run-test.sh
new file mode 100755
index 00000000..bd5d543b
--- /dev/null
+++ b/ingress/single-cluster/ingress-nginx/run-test.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-nginx"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "foo-external" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}/foo" 200 "host: foo.example.com"
diff --git a/ingress/single-cluster/ingress-nginx/setup.sh b/ingress/single-cluster/ingress-nginx/setup.sh
new file mode 100755
index 00000000..82f05275
--- /dev/null
+++ b/ingress/single-cluster/ingress-nginx/setup.sh
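Review bot: Only the positive routing path is asserted, while the README changed in this same diff states that traffic not matching the `foo.example.com` host is sent to the default backend with a 404, so a host-less request on the same path should be checked too: `check_http_status "${vip}/foo" 404`. Without it a controller that ignores the host rule and routes everything to `foo` would still pass this test.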
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test.conf
+test_name="ingress-nginx"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-nginx/ingress-nginx.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" create clusterrolebinding cluster-admin-binding \
+ --clusterrole cluster-admin \
+ --user $(gcloud config get-value account)
+
+kubectl --context "${context}" apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.0/deploy/static/provider/cloud/deploy.yaml
+sleep 15 # Wait for webhook to be fully setup.
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
\ No newline at end of file
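Review bot: `--user $(gcloud config get-value account)` is an unquoted command substitution, so the value is word-split and an empty result (no active account) is silently dropped, leaving kubectl with a dangling `--user`; quote it, `--user "$(gcloud config get-value account)"`, and under `set -o errexit` the script will also stop if gcloud itself fails. The binding grants `cluster-admin` to the operator's account cluster-wide, and nothing here says why the ingress-nginx install needs that scope or that cleanup.sh removes it; a comment stating both would make the elevated permission deliberate rather than incidental. `sleep 15 # Wait for webhook to be fully setup.` is a fixed delay that is either too long or, on a slow cluster, too short; waiting on the controller's readiness, e.g. `kubectl --context "${context}" -n ingress-nginx wait --for=condition=Available --timeout=120s deployment/ingress-nginx-controller` (namespace and deployment names as defined by the applied manifest, to be confirmed), is deterministic. The manifest is fetched from the `controller-v1.1.0` tag, which is mutable; pinning the URL to the commit behind that tag, or vendoring the file with a checksum, makes the install reproducible and keeps an upstream tag move from changing what gets deployed with cluster-admin.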