Am I currently forced to use an additional webserver (nginx) to redirect all Kubernetes Ingress traffic to https when hosting on GCE?
I'm looking to deploy a Golang application into the wild. As a learning experiment, I thought I would use GCE to host & K8s to deploy/scale. I have deployments and services all working as expected returning traffic and created certs with Let's Encrypt for TLS termination.
I am at the point of implementing an Ingress now as Service LoadBalancers seem to be deprecated. At this stage I am using a static IP for the Ingress to use for backend requests - as follows:
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: web-ingress
      annotations:
        kubernetes.io/ingress.global-static-ip-name: "kubernetes-ingress"
        ingress.kubernetes.io/ssl-redirect: "true"
    spec:
      tls:
      - secretName: web-ssl
      backend:
        serviceName: web
        servicePort: 80
Of course I want all http traffic to go through https/TLS. Assigning the ingress.kubernetes.io/ssl-redirect: "true" entry has made no difference. As a sneaky attempt, I thought I may be able to alter the servicePort to 443. As my service is accepting requests on both 80/443 ports, valid responses were returned, but http was not forced to https.
At this stage I am guessing I will need to "bite the bullet" and create an nginx Ingress Controller. This will also help to update certs using Lego along with creating another abstraction should I need more service points.
But before I did, I just wanted to check first if there is no other way? Any help appreciated thanks.
An Ingress controller is needed to implement the Ingress manifest. Without it, installing the Ingress manifest doesn't do anything. Afaik, deploying an Ingress is the best way for HTTP redirection.
You can make the ingress redirect HTTP traffic to HTTPS. Check out this tutorial for TLS with traefik, and this tutorial for TLS with nginx.
I have successfully installed an Nginx Ingress controller to force https via https://mydigest.co/ so currently happy as a clam.
Getting the dns SRV records to resolve however....well it works now but that's another story!
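
On the "is there no other way?" part of the question: an application-level alternative is to have the Go service itself issue the redirect, keyed on the X-Forwarded-Proto request header. This is an added example, not code from the thread; it assumes the load balancer in front of the pod terminates TLS, sets X-Forwarded-Proto on every forwarded request, and sends its health checks without that header. The handler name and port are hypothetical.

```go
package main

import (
	"log"
	"net/http"
)

// RedirectToHTTPS enforces HTTPS behind a TLS-terminating load balancer.
// Assumption: the balancer sets X-Forwarded-Proto itself, so the value
// reflects how the client actually connected.
func RedirectToHTTPS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Header.Get("X-Forwarded-Proto") {
		case "http":
			// Build the target from the request's own Host and URI only,
			// so the redirect always stays on the requested host.
			target := "https://" + r.Host + r.URL.RequestURI()
			http.Redirect(w, r, target, http.StatusMovedPermanently)
		case "https":
			// HSTS is only meaningful on responses delivered over TLS.
			w.Header().Set("Strict-Transport-Security", "max-age=31536000")
			next.ServeHTTP(w, r)
		default:
			// No header: assumed to be a health check or in-cluster call.
			// Redirecting here would make the backend look unhealthy.
			next.ServeHTTP(w, r)
		}
	})
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok\n"))
	})
	// Port 80 matches the servicePort in the Ingress manifest above.
	log.Fatal(http.ListenAndServe(":80", RedirectToHTTPS(mux)))
}
```

The pass-through in the default branch means any path that reaches the pod without going through the load balancer is served over plain HTTP, so the Service should not be exposed by other routes.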