Difference between openssl, ssh-keygen and cfssl

11/11/2019

Can I use any of the tools openssl, ssh-keygen and cfssl to create SSH certificates or the TLS certificates for Kubernetes components? Is there any difference in using these three tools? Will the keys/certificates generated by these tools be the same?

-- Lijo
kubernetes
linux
openssh
openssl
ssh

1 Answer

11/13/2019

From the Kubernetes point of view, please take a look at the docs about using openssl and the probably more advanced cfssl here.

Note:

All Kubernetes components that use these certificates - kubelet, kube-apiserver, kube-controller-manager - assume the key and certificate to be PEM-encoded.

I'm not an expert in this matter, but you can take a look at community posts like:

How is X.509 used in SSH? X.509 certificates are used as a key storage: Instead of keeping SSH keys in a proprietary format, the software keeps the keys in X.509 certificates. When the SSH key exchange is done, the keys are taken from the certificates.

Note - advantages of using X.509 certificates:

An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can rely on the public key it contains to establish secure communications with another party, or validate documents digitally signed by the corresponding private key.

Hope this helps.

-- Hanx
Source: StackOverflow
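
The answer's note says Kubernetes components assume PEM-encoded keys and certificates, whereas ssh-keygen normally writes OpenSSH's own key formats. The following is an added example, not code from the original post or from any of the three tools: it tells the formats apart by armor label and leading bytes. The names `classify`, `pem_sample` and `ssh_sample` are hypothetical, and the sample inputs are constructed placeholders rather than real keys or certificates.

```python
import base64
import re
import struct

# PEM armor labels -> contents. All but the last wrap a DER (ASN.1) structure.
PEM_LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "CERTIFICATE REQUEST": "PKCS#10 certificate request",
    "PRIVATE KEY": "PKCS#8 private key",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key",
    "EC PRIVATE KEY": "SEC1 EC private key",
    "OPENSSH PRIVATE KEY": "OpenSSH private key",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def classify(text):
    """Return (description, is_pem_der) for the text of one key/certificate file."""
    try:
        m = PEM_RE.search(text)
        if m:
            label, body = m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)
            if label == "OPENSSH PRIVATE KEY":
                # OpenSSH's own container: the armor looks like PEM, the body is not DER.
                ok = body.startswith(b"openssh-key-v1\0")
                return (PEM_LABELS[label] if ok else "unrecognized", False)
            # DER-encoded certificates and keys begin with a SEQUENCE tag (0x30).
            if label in PEM_LABELS and body[:1] == b"\x30":
                return (PEM_LABELS[label], True)
            return ("unrecognized", False)
        # OpenSSH public key or certificate line: "<type> <base64 blob> [comment]"
        key_type, b64 = text.split()[:2]
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        # The blob repeats the key type as a length-prefixed string.
        if blob[4:4 + n] == key_type.encode():
            is_cert = key_type.endswith("-cert-v01@openssh.com")
            return (("OpenSSH certificate" if is_cert else "OpenSSH public key") + ": " + key_type, False)
    except (ValueError, struct.error):
        pass  # bad base64, too few fields, or a blob shorter than its length prefix
    return ("unrecognized", False)

def pem_sample(label, body):   # constructed sample, not a real key or certificate
    b64 = base64.b64encode(body).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

def ssh_sample(key_type):      # constructed sample line carrying a zeroed 32-byte key
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + struct.pack(">I", 32) + bytes(32)
    return "%s %s user@example" % (key_type, base64.b64encode(blob).decode())
```

To check a file on disk, pass its contents to `classify`, for example `classify(open(path).read())`; the second element of the result is true only for PEM armor around a DER structure.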