diff --git a/.gitignore b/.gitignore
index 3ad42d50..185172ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@ asm/
 .crt
 .key
 .pem
-certs/
\ No newline at end of file
+certs/
+test/test.conf
\ No newline at end of file
diff --git a/ingress/single-cluster/ingress-external-basic/cleanup.sh b/ingress/single-cluster/ingress-external-basic/cleanup.sh
index 18732a86..b6694c1a 100755
--- a/ingress/single-cluster/ingress-external-basic/cleanup.sh
+++ b/ingress/single-cluster/ingress-external-basic/cleanup.sh
@@ -19,4 +19,16 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic cleanup."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-external-basic/external-ingress-basic.yaml"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "foo-external" "${test_name}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-external-basic/run-test.sh b/ingress/single-cluster/ingress-external-basic/run-test.sh
old mode 100644
new mode 100755
index e472aaf4..ff50715f
--- a/ingress/single-cluster/ingress-external-basic/run-test.sh
+++ b/ingress/single-cluster/ingress-external-basic/run-test.sh
@@ -19,4 +19,14 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic test."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "foo-external" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}" 200 "host: foo.example.com"
+check_http_status "${vip}" 404 "host: bar.example.com"
diff --git a/ingress/single-cluster/ingress-external-basic/setup.sh b/ingress/single-cluster/ingress-external-basic/setup.sh
index 7d37fdfc..7a30a3c8 100755
--- a/ingress/single-cluster/ingress-external-basic/setup.sh
+++ b/ingress/single-cluster/ingress-external-basic/setup.sh
@@ -19,4 +19,14 @@ set -o nounset;
 set -o pipefail;
 set -o xtrace;
 
-echo "Running external basic setup."
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-external-basic"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-external-basic/external-ingress-basic.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/ingress/single-cluster/ingress-internal-basic/cleanup.sh b/ingress/single-cluster/ingress-internal-basic/cleanup.sh
new file mode 100755
index 00000000..18c95eb6
--- /dev/null
+++ b/ingress/single-cluster/ingress-internal-basic/cleanup.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-internal-basic/internal-ingress-basic.yaml"
+
+kubectl --context "${context}" delete -f "${resource_yaml}" -n "${test_name}" || true
+kubectl --context "${context}" delete namespace "${test_name}" || true
+wait_for_glbc_deletion "foo-internal" "${test_name}"
+
+cleanup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
diff --git a/ingress/single-cluster/ingress-internal-basic/run-test.sh b/ingress/single-cluster/ingress-internal-basic/run-test.sh
new file mode 100755
index 00000000..17a7630b
--- /dev/null
+++ b/ingress/single-cluster/ingress-internal-basic/run-test.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+vip=$(wait_for_ingress_ip "foo-internal" "${test_name}" "${context}")
+echo "Load balancer IP is ${vip}"
+
+check_http_status "${vip}" 200 "host: foo.example.com" "${test_name}" "${zone}"
+check_http_status "${vip}" 404 "host: bar.example.com" "${test_name}" "${zone}"
diff --git a/ingress/single-cluster/ingress-internal-basic/setup.sh b/ingress/single-cluster/ingress-internal-basic/setup.sh
new file mode 100755
index 00000000..989940ce
--- /dev/null
+++ b/ingress/single-cluster/ingress-internal-basic/setup.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit;
+set -o nounset;
+set -o pipefail;
+set -o xtrace;
+
+source ./test/helper.sh
+source ./test/test.conf
+test_name="ingress-internal-basic"
+setup_gke_basic "${test_name}" "${zone}" "${subnet_region}"
+setup_ilb "${test_name}" "${subnet_region}"
+suffix=$(get_hash "${test_name}")
+context=$(kubectl config view -o json | jq -r ".contexts[] | select(.name | test(\"-${suffix}\")).name")
+
+resource_yaml="ingress/single-cluster/ingress-internal-basic/internal-ingress-basic.yaml"
+kubectl --context "${context}" create namespace "${test_name}"
+
+kubectl --context "${context}" apply -f "${resource_yaml}" -n "${test_name}"
diff --git a/test/README.md b/test/README.md
index e8cde78d..e3f130da 100644
--- a/test/README.md
+++ b/test/README.md
@@ -32,6 +32,18 @@ Make sure you are at the root directory of the repository.
 cd gke-networking-recipes
 ```
 
+
+First, set ZONE and SUBNET_REGION environment variable, then run ./test/generate_config.sh to generate the testing config.
+```
+export ZONE=zone
+export SUBNET_REGION=subnet_region
+
+./test/generate_config.sh
+```
+
+To run ingress-https test, you need a special project($DNS_PROJECT) that has configured DNS domain, and make sure the current service account have role/dns_admin access to that project. Create a public DNS zone(DNS_ZONE).
+Then set the environment variable for DNS_PROJECT, RECORD1, RECORD2, DNS_ZONE before running generate_env.sh. Make sure the two records that uses the DNS name of the created DNS zone as suffix.
+
 To run a specific test, run the setup.sh, run-test.sh, and cleanup.sh in order in the recipe directory.
 
 ```
diff --git a/test/generate_config.sh b/test/generate_config.sh
new file mode 100755
index 00000000..77a17976
--- /dev/null
+++ b/test/generate_config.sh
@@ -0,0 +1,11 @@
+testConf="test/test.conf"
+echo "Writing to ${testConf}"
+echo "----"
+cat <<EOF |  tee ${testConf}
+zone="${ZONE}"
+subnet_region="${SUBNET_REGION}"
+dns_project="${DNS_PROJECT}"
+dns_zone="${DNS_ZONE}"
+record1="${RECORD1}"
+record2="${RECORD2}"
+EOF
diff --git a/test/helper.sh b/test/helper.sh
index 2de9acdd..9cdd945f 100644
--- a/test/helper.sh
+++ b/test/helper.sh
@@ -36,14 +36,15 @@ get_hash() {
 # Returns:
 #   0 if the ingress IP is populated within 15 minutes, 1 if not.
 wait_for_ingress_ip() {
-    local ing ns ATTEMPT
+    local ing ns conext ATTEMPT
     ing="$1"
     ns="$2"
+    context="$3"
 
     # 180*5s=15min
     for ATTEMPT in $(seq 180); do
         local vip
-        vip=$(kubectl get ingress ${ing} \
+        vip=$(kubectl --context "${context}" get ingress ${ing} \
               -n ${ns} \
               -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
         if [[ ! -z "$vip" ]]; then
@@ -62,15 +63,16 @@ wait_for_ingress_ip() {
 # Returns:
 #   0 if the status of the given certificate is Active within 60 minutes, 1 if not.
 wait_for_managed_cert() {
-    local mc ns ATTEMPT
+    local mc ns context ATTEMPT
     mc="$1"
     ns="$2"
+    context="$3"
 
     # 360*10s=60min
     for ATTEMPT in $(seq 360); do
         local certStatus domainStatus status
         # Check status of the certificate.
-        certStatus=$(kubectl get ManagedCertificate ${mc} \
+        certStatus=$(kubectl --context "${context}" get ManagedCertificate ${mc} \
                      -n ${ns} \
                      -o jsonpath="{.status.certificateStatus}")
         if [[ "${certStatus}" != "Active" ]]; then
@@ -79,7 +81,7 @@ wait_for_managed_cert() {
         fi
 
         # Check status of each domain.
-        domainStatus=( $(kubectl get ManagedCertificate ${mc} \
+        domainStatus=( $(kubectl --context "${context}" get ManagedCertificate ${mc} \
                          -n ${ns} \
                          -o jsonpath="{.status.domainStatus}" | \
                          jq  ".[] | .status") )