Enable BYOK support for IBM Cloud VPC

Epic Goal

Enable support to bring your own encryption keys for OpenShift on IBM Cloud VPC.

Why is this important? (mandatory)

This feature is a required component for IBM's OpenShift replatforming effort.

Scenarios (mandatory) 

1. provision an IBM Cloud KMS (Key Management Service) instance
2. boot volumes of all provisioned machines (bootstrap node, control plane nodes, worker nodes) should be encrypted accordingly with the specified key
3. customer owned volumes can be encrypted with the specified key

Dependencies (internal and external) (mandatory)

• RH assistance with code reviews
• RH assistance with customer-facing documentation

Contributing Teams(and contacts) (mandatory) 

Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.

• Development - 
• Documentation -
• QE - 
• PX - 
• Others -

Acceptance Criteria (optional)

I am able to provide my own key for boot volume encryption when deploying OpenShift on IBM Cloud VPC. Boot volume for all machines should be encrypted with specified key.

Done - Checklist (mandatory)

The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.

• CI Testing -  Basic e2e automationTests are merged and completing successfully
• Documentation - Content development is complete.
• QE - Test scenarios are written and executed successfully.
• Technical Enablement - Slides are complete (if requested by PLM)
• Engineering Stories Merged
• All associated work items with the Epic are closed
• Epic status should be "Release Pending"