diff --git a/cmd/kubeadm/app/cmd/phases/certs.go b/cmd/kubeadm/app/cmd/phases/certs.go
index 5b851bbd19301..d8220c5d3588d 100644
--- a/cmd/kubeadm/app/cmd/phases/certs.go
+++ b/cmd/kubeadm/app/cmd/phases/certs.go
@@ -44,7 +44,7 @@ var (
 
 	allCertsExample = normalizer.Examples(`
 		# Creates all PKI assets necessary to establish the control plane, 
-		# functionally equivalent to what generated by kubeadm init.
+		# functionally equivalent to what generated by kubeadm init.
 		kubeadm alpha phase certs all
 
 		# Creates all PKI assets using options read from a configuration file.
@@ -172,43 +172,43 @@ func getCertsSubCommands(defaultKubernetesVersion string) []*cobra.Command {
 		},
 		{
 			use:     "ca",
-			short:   "Generates self-signed kubernetes CA to provision identities for components of the cluster",
+			short:   "Generates a self-signed kubernetes CA to provision identities for components of the cluster",
 			long:    caCertLongDesc,
-			cmdFunc: certsphase.CreateCACertAndKeyfiles,
+			cmdFunc: certsphase.CreateCACertAndKeyFiles,
 		},
 		{
 			use:     "apiserver",
-			short:   "Generates API server serving certificate and key",
+			short:   "Generates an API server serving certificate and key",
 			long:    apiServerCertLongDesc,
 			cmdFunc: certsphase.CreateAPIServerCertAndKeyFiles,
 		},
 		{
 			use:     "apiserver-kubelet-client",
-			short:   "Generates client certificate for the API server to connect to the kubelets securely",
+			short:   "Generates a client certificate for the API server to connect to the kubelets securely",
 			long:    apiServerKubeletCertLongDesc,
 			cmdFunc: certsphase.CreateAPIServerKubeletClientCertAndKeyFiles,
 		},
 		{
 			use:     "etcd-ca",
-			short:   "Generates self-signed CA to provision identities for etcd",
+			short:   "Generates a self-signed CA to provision identities for etcd",
 			long:    etcdCaCertLongDesc,
 			cmdFunc: certsphase.CreateEtcdCACertAndKeyFiles,
 		},
 		{
 			use:     "etcd-server",
-			short:   "Generates etcd serving certificate and key",
+			short:   "Generates an etcd serving certificate and key",
 			long:    etcdServerCertLongDesc,
 			cmdFunc: certsphase.CreateEtcdServerCertAndKeyFiles,
 		},
 		{
 			use:     "etcd-peer",
-			short:   "Generates etcd peer certificate and key",
+			short:   "Generates an etcd peer certificate and key",
 			long:    etcdPeerCertLongDesc,
 			cmdFunc: certsphase.CreateEtcdPeerCertAndKeyFiles,
 		},
 		{
 			use:     "apiserver-etcd-client",
-			short:   "Generates client certificate for the API server to connect to etcd securely",
+			short:   "Generates a client certificate for the API server to connect to etcd securely",
 			long:    apiServerEtcdServerCertLongDesc,
 			cmdFunc: certsphase.CreateAPIServerEtcdClientCertAndKeyFiles,
 		},
@@ -220,13 +220,13 @@ func getCertsSubCommands(defaultKubernetesVersion string) []*cobra.Command {
 		},
 		{
 			use:     "front-proxy-ca",
-			short:   "Generates front proxy CA certificate and key for a Kubernetes cluster",
+			short:   "Generates a front proxy CA certificate and key for a Kubernetes cluster",
 			long:    frontProxyCaCertLongDesc,
 			cmdFunc: certsphase.CreateFrontProxyCACertAndKeyFiles,
 		},
 		{
 			use:     "front-proxy-client",
-			short:   "Generates front proxy CA client certificate and key for a Kubernetes cluster",
+			short:   "Generates a front proxy CA client certificate and key for a Kubernetes cluster",
 			long:    frontProxyClientCertLongDesc,
 			cmdFunc: certsphase.CreateFrontProxyClientCertAndKeyFiles,
 		},
diff --git a/cmd/kubeadm/app/phases/certs/certs.go b/cmd/kubeadm/app/phases/certs/certs.go
index 76752515f2c18..2d9a1026853b9 100644
--- a/cmd/kubeadm/app/phases/certs/certs.go
+++ b/cmd/kubeadm/app/phases/certs/certs.go
@@ -34,7 +34,7 @@ import (
 func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error {
 
 	certActions := []func(cfg *kubeadmapi.MasterConfiguration) error{
-		CreateCACertAndKeyfiles,
+		CreateCACertAndKeyFiles,
 		CreateAPIServerCertAndKeyFiles,
 		CreateAPIServerKubeletClientCertAndKeyFiles,
 		CreateEtcdCACertAndKeyFiles,
@@ -58,9 +58,9 @@ func CreatePKIAssets(cfg *kubeadmapi.MasterConfiguration) error {
 	return nil
 }
 
-// CreateCACertAndKeyfiles create a new self signed CA certificate and key files.
+// CreateCACertAndKeyFiles create a new self signed cluster CA certificate and key files.
 // If the CA certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.
-func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error {
+func CreateCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error {
 
 	caCert, caKey, err := NewCACertAndKey()
 	if err != nil {
@@ -77,7 +77,7 @@ func CreateCACertAndKeyfiles(cfg *kubeadmapi.MasterConfiguration) error {
 
 // CreateAPIServerCertAndKeyFiles create a new certificate and key files for the apiserver.
 // If the apiserver certificate and key files already exists in the target folder, they are used only if evaluated equal; otherwise an error is returned.
-// It assumes the cluster CA certificate and key files should exists into the CertificatesDir
+// It assumes the cluster CA certificate and key files exist in the CertificatesDir.
 func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error {
 
 	caCert, caKey, err := loadCertificateAuthority(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
@@ -99,9 +99,9 @@ func CreateAPIServerCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error {
 	)
 }
 
-// CreateAPIServerKubeletClientCertAndKeyFiles create a new CA certificate for kubelets calling apiserver
+// CreateAPIServerKubeletClientCertAndKeyFiles create a new certificate for kubelets calling apiserver.
 // If the apiserver-kubelet-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.
-// It assumes the cluster CA certificate and key files should exists into the CertificatesDir
+// It assumes the cluster CA certificate and key files exist in the CertificatesDir.
 func CreateAPIServerKubeletClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error {
 
 	caCert, caKey, err := loadCertificateAuthority(cfg.CertificatesDir, kubeadmconstants.CACertAndKeyBaseName)
@@ -252,7 +252,7 @@ func CreateFrontProxyCACertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) erro
 
 // CreateFrontProxyClientCertAndKeyFiles create a new certificate for proxy server client.
 // If the front-proxy-client certificate and key files already exists in the target folder, they are used only if evaluated equals; otherwise an error is returned.
-// It assumes the front proxy CAA certificate and key files should exists into the CertificatesDir
+// It assumes the front proxy CA certificate and key files exist in the CertificatesDir.
 func CreateFrontProxyClientCertAndKeyFiles(cfg *kubeadmapi.MasterConfiguration) error {
 
 	frontProxyCACert, frontProxyCAKey, err := loadCertificateAuthority(cfg.CertificatesDir, kubeadmconstants.FrontProxyCACertAndKeyBaseName)
@@ -285,7 +285,7 @@ func NewCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error) {
 	return caCert, caKey, nil
 }
 
-// NewAPIServerCertAndKey generate CA certificate for apiserver, signed by the given CA.
+// NewAPIServerCertAndKey generate certificate for apiserver, signed by the given CA.
 func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	altNames, err := pkiutil.GetAPIServerAltNames(cfg)
@@ -306,7 +306,7 @@ func NewAPIServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Ce
 	return apiCert, apiKey, nil
 }
 
-// NewAPIServerKubeletClientCertAndKey generate CA certificate for the apiservers to connect to the kubelets securely, signed by the given CA.
+// NewAPIServerKubeletClientCertAndKey generate certificate for the apiservers to connect to the kubelets securely, signed by the given CA.
 func NewAPIServerKubeletClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	config := certutil.Config{
@@ -333,7 +333,7 @@ func NewEtcdCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error) {
 	return etcdCACert, etcdCAKey, nil
 }
 
-// NewEtcdServerCertAndKey generate CA certificate for etcd, signed by the given CA.
+// NewEtcdServerCertAndKey generate certificate for etcd, signed by the given CA.
 func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	altNames, err := pkiutil.GetEtcdAltNames(cfg)
@@ -354,7 +354,7 @@ func NewEtcdServerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.C
 	return etcdServerCert, etcdServerKey, nil
 }
 
-// NewEtcdPeerCertAndKey generate CA certificate for etcd peering, signed by the given CA.
+// NewEtcdPeerCertAndKey generate certificate for etcd peering, signed by the given CA.
 func NewEtcdPeerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	altNames, err := pkiutil.GetEtcdPeerAltNames(cfg)
@@ -375,7 +375,7 @@ func NewEtcdPeerCertAndKey(cfg *kubeadmapi.MasterConfiguration, caCert *x509.Cer
 	return etcdPeerCert, etcdPeerKey, nil
 }
 
-// NewAPIServerEtcdClientCertAndKey generate CA certificate for the apiservers to connect to etcd securely, signed by the given CA.
+// NewAPIServerEtcdClientCertAndKey generate certificate for the apiservers to connect to etcd securely, signed by the given CA.
 func NewAPIServerEtcdClientCertAndKey(caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	config := certutil.Config{
@@ -414,7 +414,7 @@ func NewFrontProxyCACertAndKey() (*x509.Certificate, *rsa.PrivateKey, error) {
 	return frontProxyCACert, frontProxyCAKey, nil
 }
 
-// NewFrontProxyClientCertAndKey generate CA certificate for proxy server client, signed by the given front proxy CA.
+// NewFrontProxyClientCertAndKey generate certificate for proxy server client, signed by the given front proxy CA.
 func NewFrontProxyClientCertAndKey(frontProxyCACert *x509.Certificate, frontProxyCAKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
 
 	config := certutil.Config{
diff --git a/cmd/kubeadm/app/phases/certs/certs_test.go b/cmd/kubeadm/app/phases/certs/certs_test.go
index 8bfbca4b5b99a..e35759e6c3869 100644
--- a/cmd/kubeadm/app/phases/certs/certs_test.go
+++ b/cmd/kubeadm/app/phases/certs/certs_test.go
@@ -490,7 +490,7 @@ func TestValidateMethods(t *testing.T) {
 		{
 			name: "validateCACert",
 			setupFuncs: []func(cfg *kubeadmapi.MasterConfiguration) error{
-				CreateCACertAndKeyfiles,
+				CreateCACertAndKeyFiles,
 			},
 			validateFunc:    validateCACert,
 			loc:             certKeyLocation{caBaseName: "ca", baseName: "", uxName: "CA"},
@@ -499,7 +499,7 @@ func TestValidateMethods(t *testing.T) {
 		{
 			name: "validateCACertAndKey (files present)",
 			setupFuncs: []func(cfg *kubeadmapi.MasterConfiguration) error{
-				CreateCACertAndKeyfiles,
+				CreateCACertAndKeyFiles,
 			},
 			validateFunc:    validateCACertAndKey,
 			loc:             certKeyLocation{caBaseName: "ca", baseName: "", uxName: "CA"},
@@ -518,7 +518,7 @@ func TestValidateMethods(t *testing.T) {
 		{
 			name: "validateSignedCert",
 			setupFuncs: []func(cfg *kubeadmapi.MasterConfiguration) error{
-				CreateCACertAndKeyfiles,
+				CreateCACertAndKeyFiles,
 				CreateAPIServerCertAndKeyFiles,
 			},
 			validateFunc:    validateSignedCert,
@@ -602,16 +602,16 @@ func TestCreateCertificateFilesMethods(t *testing.T) {
 			},
 		},
 		{
-			createFunc:    CreateCACertAndKeyfiles,
+			createFunc:    CreateCACertAndKeyFiles,
 			expectedFiles: []string{kubeadmconstants.CACertName, kubeadmconstants.CAKeyName},
 		},
 		{
-			setupFunc:     CreateCACertAndKeyfiles,
+			setupFunc:     CreateCACertAndKeyFiles,
 			createFunc:    CreateAPIServerCertAndKeyFiles,
 			expectedFiles: []string{kubeadmconstants.APIServerCertName, kubeadmconstants.APIServerKeyName},
 		},
 		{
-			setupFunc:     CreateCACertAndKeyfiles,
+			setupFunc:     CreateCACertAndKeyFiles,
 			createFunc:    CreateAPIServerKubeletClientCertAndKeyFiles,
 			expectedFiles: []string{kubeadmconstants.APIServerKubeletClientCertName, kubeadmconstants.APIServerKubeletClientKeyName},
 		},
diff --git a/cmd/kubeadm/app/phases/upgrade/staticpods_test.go b/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
index afab89e703bbe..cea9c171d0ebf 100644
--- a/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
+++ b/cmd/kubeadm/app/phases/upgrade/staticpods_test.go
@@ -321,7 +321,7 @@ func TestStaticPodControlPlane(t *testing.T) {
 
 		// Initialize PKI minus any etcd certificates to simulate etcd PKI upgrade
 		certActions := []func(cfg *kubeadmapi.MasterConfiguration) error{
-			certsphase.CreateCACertAndKeyfiles,
+			certsphase.CreateCACertAndKeyFiles,
 			certsphase.CreateAPIServerCertAndKeyFiles,
 			certsphase.CreateAPIServerKubeletClientCertAndKeyFiles,
 			// certsphase.CreateEtcdCACertAndKeyFiles,