Expose Kibana behind a subpath using GCE ingress

Trying to expose kibana behind GCE Ingress under a subpath. Say you want to expose Kibana under the subpath /kibana . You first need to configure Kibana to be aware of this by setting server.basePath , server.rewriteBasePath and server.publicBaseUrl . Then you need to update the readiness probe so that it uses the new path to /login . Below is a working code. Much thanks to @charith-elastic

---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: hulk
  labels:
    app: hulk
spec:
  version: 7.11.2
  count: 1
  config:
    server:
      basePath: "/kibana"
      rewriteBasePath: true
      publicBaseUrl: "https://elastic.stack/kibana"
  http:
    service:
      metadata:
        labels:
          app: hulk
        annotations:
          # Enable TLS between GCLB and the application
          cloud.google.com/app-protocols: '{"https":"HTTPS"}'
          service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}'
          # Comment out the following line if you are not using a VPC-native cluster
          cloud.google.com/neg: '{"ingress": true}'
  elasticsearchRef:
    name: hulk
  podTemplate:
    spec:
      containers:
        - name: kibana
          readinessProbe:
            # Override the readiness probe as GCLB reuses it for its own healthchecks
            httpGet:
              scheme: HTTPS
              path: "/kibana/login"
              port: 5601
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hulk
  labels:
    app: hulk
  annotations:
    # Issue certificates for TLS hosts automatically
    cert-manager.io/cluster-issuer: "selfsigning-issuer"
    # Disable HTTP traffic
    kubernetes.io/ingress.allow-http: "false"
spec:
  tls:
    - hosts: ["elastic.stack"]
      secretName: hulk-kibana-cert
  rules:
    - host: "elastic.stack"
      http:
        paths:
          - path: "/kibana/*"
            pathType: Exact
            backend:
              service:
                name: hulk-kb-http
                port:
                  name: https