Hi guys, I've been doing Kelsey Hightower's Kubernetes The Hard Way (https://github.com/kelseyhightower/kubernetes-the-hard-way), but I've decided to go an even harder way.

So, I've decided to manage the infra in Terraform & build full CI/CD pipelines, and I'm stuck at generating and distributing TLS certificates. (https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/master/docs/04-certificate-authority.md)

Doing it with bash scripts & cfssl would require me to do some hacky stuff inside my pipelines, and I'd rather solve that too with Terraform.

I've been thinking about provisioning an off-k8s HA HashiCorp Vault cluster of VMs built with Packer and using the Vault Terraform provider to generate all the needed certs.

But I in general kinda suck at understanding TLS, or more – the related PKI infrastructure, chain of trust and how it works; my brain seems kinda resilient to it.

So, looking for advice on how to approach it.