Merge pull request #42994 from Shawyeok/features/full-tls-etcd-cluster

Automatic merge from submit-queue

Centos provider: generate SSL certificates for etcd cluster.

**What this PR does / why we need it**:
Support secure etcd cluster for centos provider, generate SSL certificates for etcd in default. Running it w/o SSL is exposing cluster data to everyone and is not recommended. [#39462](https://github.com/kubernetes/kubernetes/pull/39462#issuecomment-271601547)

/cc @jszczepkowski @zmerlynn 

**Release note**:
```release-note
Support secure etcd cluster for centos provider.
```

cluster/gce/upgrade.sh

@@ -130,7 +130,7 @@ function backfile-kubeletauth-certs() {
   echo "${CA_KEY_BASE64}" | base64 -d > "${KUBE_TEMP}/pki/ca.key"
   echo "${CA_CERT_BASE64}" | base64 -d > "${KUBE_TEMP}/pki/ca.crt"
   (cd "${KUBE_TEMP}/pki"
-    download-cfssl
+    download-cfssl "${KUBE_TEMP}/cfssl"
     cat <<EOF > ca-config.json
 {
   "signing": {