I am installing jenkins on GKE.
I want to use ingress (so to avoid the LoadBalancer) but I also want it to have TLS enabled.
Here are the ingress-related values:

    ingress:
      enabled: false
      # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
      apiVersion: "extensions/v1beta1"
      labels: {}
      annotations: {}
      # kubernetes.io/ingress.class: nginx
      # kubernetes.io/tls-acme: "true"
      # Set this path to jenkinsUriPrefix above or use annotations to rewrite path
      # path: "/jenkins"
      # configures the hostname e.g. jenkins.example.com
      hostName:
      tls:
      # - secretName: jenkins.cluster.local
      #   hosts:
      #     - jenkins.cluster.local

Assuming I already have a CloudDNS (routable to my-network.mydomain.net) and I want jenkins accessible via jenkins.my-network.mydomain.net, how should I configure the above values?
What is the usefulness of the values.ingress.tls.secretName?
In case I enable tls, what will be the issuing authority of the corresponding certificate? Is this handled automatically by GCP?
The ingress that you will set up will need one load balancer. This load balancer will receive traffic from clients and forward it to the ingress controller (GKE ingress, nginx, etc.). So you are not really avoiding the load balancer completely in this case.
The ingress is used to avoid creating load balancers exponentially if you are using Kubernetes services of type LoadBalancer to serve external clients. In your case, instead of exposing the jenkins master service via a load balancer directly, you can choose an ingress to avoid creating more than one load balancer.
What is the usefulness of the values.ingress.tls.secretName?
It tells the Ingress controller to secure the channel from the client to the load balancer using TLS. You need to make sure the TLS secret you created came from a certificate that contains a Common Name (CN), also known as a Fully Qualified Domain Name (FQDN) for jenkins.cluster.local.
You also need to create a secret with name jenkins.cluster.local:

    apiVersion: v1
    kind: Secret
    metadata:
      name: jenkins.cluster.local
      namespace: default
    data:
      tls.crt: base64 encoded cert
      tls.key: base64 encoded key
    type: kubernetes.io/tls

In case I enable tls, what will be the issuing authority of the corresponding certificate? Is this handled automatically by GCP?
It's not automatically handled by GCP. Check the "Options for providing SSL certificates" section of the official docs. Out of all 3 options, I believe you need to follow "Self-managed certificates as Secret resources" and provision your own SSL certificate and create a Secret to hold it. You can then refer to the Secret in an Ingress specification to create an HTTP(S) load balancer that uses the certificate. Refer to the instructions for using certificates in Secrets for more information.
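
A pre-flight check for the self-managed route described in the answer above, as an added example that is not part of the original answer: it confirms the certificate covers the Ingress host and that the private key belongs to it before rendering the `kubernetes.io/tls` Secret. The function names are assumptions, and `make_demo_cert` builds a constructed self-signed pair only for trying the checks (needs OpenSSL 1.1.1+ for `-addext`).

```shell
#!/bin/sh
# Added example: validate a cert/key pair for an Ingress host, then emit the TLS Secret.
# All function names below are hypothetical helpers, not part of any chart or tool.

# cert_covers_host CERT HOST -> 0 if the certificate is valid for HOST
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# key_matches_cert CERT KEY -> 0 if the private key belongs to the certificate
key_matches_cert() {
  _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
  _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
  [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# render_tls_secret NAME NAMESPACE CERT KEY HOST -> prints the manifest, or fails closed
render_tls_secret() {
  cert_covers_host "$3" "$5" || { echo "cert does not cover $5" >&2; return 1; }
  key_matches_cert "$3" "$4" || { echo "key does not match cert" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/tls
data:
  tls.crt: $(base64 < "$3" | tr -d '\n')
  tls.key: $(base64 < "$4" | tr -d '\n')
EOF
}

# make_demo_cert DIR HOST -> constructed self-signed pair, for exercising the checks only
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -addext "subjectAltName=DNS:$2" \
    -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# Usage (paths and Secret name are placeholders):
#   render_tls_secret jenkins-tls default tls.crt tls.key \
#     jenkins.my-network.mydomain.net | kubectl apply -f -
```

The Secret name passed here is what goes into `ingress.tls[].secretName`, and the host checked is what goes into `ingress.hostName` and `ingress.tls[].hosts`.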