Error when setting up TLS with Let's Encrypt

Question

When following the steps for setting up TLS with AKS here: https://learn.microsoft.com/en-us/azure/aks/ingress-tls, at "Install cert-manager" the code for Azure CLI (replacing <REGISTRY_URL> with the URL for my ACR):

# Set variable for ACR location to use for pulling images
ACR_URL=<REGISTRY_URL>

# Label the ingress-basic namespace to disable resource validation
kubectl label namespace ingress-basic cert-manager.io/disable-validation=true

# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io

# Update your local Helm chart repository cache
helm repo update

# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager \
  --namespace ingress-basic \
  --version $CERT_MANAGER_TAG \
  --set installCRDs=true \
  --set nodeSelector."kubernetes\.io/os"=linux \
  --set image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CONTROLLER \
  --set image.tag=$CERT_MANAGER_TAG \
  --set webhook.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_WEBHOOK \
  --set webhook.image.tag=$CERT_MANAGER_TAG \
  --set cainjector.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CAINJECTOR \
  --set cainjector.image.tag=$CERT_MANAGER_TAG

results in the following error output:

namespace/ingress-basic not labeled

"jetstack" already exists with the same configuration, skipping

Hang tight while we grab the latest from your chart repositories...

...Successfully got an update from the "ingress-nginx" chart repository

...Successfully got an update from the "jetstack" chart repository

Update Complete. ⎈Happy Helming!⎈

Error: INSTALLATION FAILED: expected at most two arguments, unexpected arguments: installCRDs=true

PS: Adding '=' in the 'namespace' and 'version' arguments seems to have solved the above issue, but the script then timed out with the message:

Error: INSTALLATION FAILED: failed post-install: timed out waiting for the condition

and subsequent invocations result in:

Error: INSTALLATION FAILED: cannot re-use a name that is still in use

Answer 1

Hello Александр Горюнов

As per https://learn.microsoft.com/en-us/azure/aks/ingress-tls?tabs=azure-cli#import-the-cert-manager-images-used-by-the-helm-chart-into-your-acr, did you import the images into your ACR with the below steps?

REGISTRY_NAME=<REGISTRY_NAME>

CERT_MANAGER_REGISTRY=quay.io

CERT_MANAGER_TAG=v1.8.0

CERT_MANAGER_IMAGE_CONTROLLER=jetstack/cert-manager-controller

CERT_MANAGER_IMAGE_WEBHOOK=jetstack/cert-manager-webhook

CERT_MANAGER_IMAGE_CAINJECTOR=jetstack/cert-manager-cainjector

az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG

az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG

az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG

You can go to Azure Portal, open the ACR and check under Repositories if they are there.

As an alternative, you can replace in the "helm install cert-manager jetstack/cert-manager" command "$ACR_URL" with "$CERT_MANAGER_REGISTRY" so it will pull the image directly from quay.io instead of importing the images into your ACR and then pulling them from ACR.

---

I hope this is helpful. If any clarification needed, let me know and I will do my best to answer.

Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.

Thank you!