GKE cluster missing ca.key

I redeployed my kubernettes cluster specifying secure enabled: true in the values.yaml file. The pods started and we approved the CSRs and the cluster is running in secure mode. Im trying to create client certs and it appears that the ca.key was not generated on the nodes.
I dont see anything in the cluster-init.yaml that references the ca.key file. Also this-
- name: init-certs
image: “{{ .Values.Secure.RequestCertsImage }}:{{ .Values.Secure.RequestCertsImageTag }}”
imagePullPolicy: “{{ .Values.ImagePullPolicy }}”
command:
- “/bin/ash”
- “-ecx”
- “/request-cert -namespace=${POD_NAMESPACE} -certs-dir=/cockroach-certs -type=client -user=root -symlink-ca-from=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt”

Does not seem to have generated a client cert for the root account. I cant access this cluster.

Hey @jhops

Sorry to hear you are having trouble getting your certificates. Would it be possible to attach the yaml file here, or if you would rather you can send it to my email ricardo@cockroachlabs.com? That will let me take a closer look and compare versus the yaml file I have on hand. I can check in case anything is missing, and also try to recreate a cluster using your yaml file.

Cheers,
Ricardo