I think the perspective on installing software has changed quite a bit in the industry. Manual setup - especially for something complex like a cluster - is considered not only too time-consuming, but also insecure. It’s fine for testing things out, but in production you want your infrastructure to be immutable. Meaning that if it breaks or is compromised, you don’t fix it, you re-create it from scratch. And you don’t depend on manual steps, as they are not repeatable and prone to social hacking.
In that vein there is work to be done in CockroachDB with respect to installing a secure cluster. It must be possible to use industry-standard certificates from Letsencrypt and other CAs, which will remove the need for generating a custom CA key and certificate that must be safeguarded and can’t be integrated in an automated workflow.
Obviously, this is just my opinion and not a rule of the universe. So I welcome differing opinions and arguments why the status quo is secure enough for production.