API server encryption

[picklednewtons]

Following the process at Encrypting etcd data I can encrypt etcd and the K8s and OAuth API servers. I have tested on a new 4.8.18 cluster and there appear to be no ill effects. Looking at the ARO 4 support policies I think I should still be within support if I do this but was hoping someone may be able to confirm for me please?

More broadly I'm looking at what hardening is possible against the OCP4 CIS standard.