Fix Jenkins GCE e2e failure and other errors in APPENDIX easyrsa section

Modifications are as following(`APPENDIX` -> `**easyrsa**`):

1, fix Jenkins GCE e2e failure, mainly for markdown errors;
2, change `"${MASTER_IP}"`  to `"IP:${MASTER_IP}"` to keep align with `make-ca-cert.sh`
3, change `/pki/` to `pki/` for the generated certs/key
4, other tiny improvements

Please check, thanks.

docs/admin/authentication.md

@@ -120,17 +120,20 @@ into apiserver start parameters.
 **easyrsa** can be used to manually generate certificates for your cluster.
 
 1.  Download, unpack, and initialize the patched version of easyrsa3.
-    `curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz`
-    `tar xzf easy-rsa.tar.gz`
-    `cd easy-rsa-master/easyrsa3`
-    `./easyrsa init-pki`
-1.  Generate a CA. (--batch set automatic mode. --req-cn default CN to use.)
-    ``./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass``
+
+          curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
+          tar xzf easy-rsa.tar.gz
+          cd easy-rsa-master/easyrsa3
+          ./easyrsa init-pki
+1.  Generate a CA. (`--batch` set automatic mode. `--req-cn` default CN to use.)
+
+          ./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
 1.  Generate server certificate and key.
     (build-server-full [filename]: Generate a keypair and sign locally for a client or server)
-    `./easyrsa --subject-alt-name="${MASTER_IP}" build-server-full kubernetes-master nopass`
-1.  Copy /pki/ca.crt  /pki/issued/kubernetes-master.crt
-    /pki/private/kubernetes-master.key to your directory.
+
+          ./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full kubernetes-master nopass
+1.  Copy `pki/ca.crt`  `pki/issued/kubernetes-master.crt`
+    `pki/private/kubernetes-master.key` to your directory.
 1.  Remember fill the parameters
     `--client-ca-file=/yourdirectory/ca.crt`
     `--tls-cert-file=/yourdirectory/server.cert`