update FIPS steps

modules/osd-create-cluster-ccs.adoc

@@ -168,17 +168,21 @@ With *Use Custom KMS keys* selected:
 ... Select a key name from the *Key name* drop-down menu.
 ... Provide the *KMS Service Account*.
 +
+
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+[NOTE]
+====
+If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
+====
 endif::osd-on-gcp[]
-.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
+.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but the keys are not. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
 +
 [NOTE]
 ====
 By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
 ====
 +
-ifdef::osd-on-gcp[]
-.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
-endif::osd-on-gcp[]
 ifdef::osd-on-aws[]
 .. Optional: Select *Encrypt persistent volumes with customer keys* if you want to provide your own
 AWS Key Management Service (KMS) key Amazon Resource Name (ARN).

modules/osd-create-cluster-gcp-account.adoc

@@ -64,16 +64,19 @@ With *Use Custom KMS keys* selected:
 ... Provide the *KMS Service Account*.
 
 +
-.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
-With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+[NOTE]
+====
+If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
+====
+.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but the keys are not. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
 +
 [NOTE]
 ====
 By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
 ====
 +
-.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
-+
 . Click *Next*.
 
 . On the *Machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.

modules/osd-create-cluster-red-hat-account.adoc

@@ -64,6 +64,8 @@ To customize the subdomain, select the *Create custom domain prefix* checkbox, a
 .. Select a cluster version from the *Version* drop-down menu.
 .. Select a cloud provider region from the *Region* drop-down menu.
 .. Select a *Single zone* or *Multi-zone* configuration.
+.. Select a *Persistent storage* capacity for the cluster. For more information, see the _Storage_ section in the {product-title} service definition.
+.. Specify the number of *Load balancers* that you require for your cluster. For more information, see the _Load balancers_ section in the {product-title} service definition.
 +
 ifdef::osd-on-gcp[]
 .. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
@@ -74,15 +76,24 @@ To successfully create a cluster, you must select *Enable Secure Boot support fo
 ====
 +
 endif::osd-on-gcp[]
-.. Select a *Persistent storage* capacity for the cluster. For more information, see the _Storage_ section in the {product-title} service definition.
-.. Specify the number of *Load balancers* that you require for your cluster. For more information, see the _Load balancers_ section in the {product-title} service definition.
 .. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
+ifdef::osd-on-gcp[]
+. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
++
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+[NOTE]
+====
+If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
+====
+endif::osd-on-gcp[]
 .. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
 +
 [NOTE]
 ====
 By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
 ====
++
 .. Click *Next*.
 
 . On the *Default machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.

modules/osd-create-cluster-rhm-gcp-account.adoc

@@ -64,16 +64,19 @@ With *Use Custom KMS keys* selected:
 ... Provide the *KMS Service Account*.
 
 +
-.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
-With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
+.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
++
+[NOTE]
+====
+If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
+====
+.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
 +
 [NOTE]
 ====
 By enabling etcd encryption for the key values in etcd, you incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Consider enabling etcd encryption only if you specifically require it for your use case.
 ====
 +
-.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
-+
 . Click *Next*.
 
 . On the *Machine pool* page, select a *Compute node instance type* and a *Compute node count*. The number and types of nodes that are available depend on your {product-title} subscription. If you are using multiple availability zones, the compute node count is per zone.