KEP-3325: SelfSubjectReview API Beta graduation

Signed-off-by: m.nabokikh <[email protected]>

Author: nabokihms

keps/prod-readiness/sig-auth/3325.yaml

@@ -1,3 +1,5 @@
 kep-number: 3325
 alpha:
   approver: "@deads2k"
+beta:
+  approver: "@deads2k"

keps/sig-auth/3325-self-subject-attributes-review-api/README.md

@@ -243,16 +243,34 @@ We expect no non-infra related flakes in the last month as a GA graduation crite
 
 #### Alpha
 
+- `SelfSubjectReview` endpoint is introduced in `authentication.k8s.io/v1alpha1` API
 - Feature implemented behind a feature flag
 - Initial unit and integration tests completed and enabled
+- Corresponding kubectl command implemented: `kubectl alpha auth whoami`
 
 #### Beta
 
 - Gather feedback from users
+- `SelfSubjectReview` is promoted to `authentication.k8s.io/v1beta1` API
+- Promote feature gate to Beta and make it enabled by default
+- Unit tests coverage improved
+- `kubectl alpha auth whoami` command uses `authentication.k8s.io/v1beta1` API
+- Fix [documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#self-subject-review):
+  - Change API version
+  - Rewrite conditions to enable the feature
 
 #### GA
 
-- Corresponding kubectl command implemented
+- `SelfSubjectReview` is promoted to `authentication.k8s.io/v1` API
+- Promote feature gate to Stable
+- `kubectl alpha auth whoami` replaced with `kubectl auth whoami`
+- `kubectl auth whoami` command uses `authentication.k8s.io/v1` API
+- An article about motivation to use this feature is added to the Kubernetes blog
+- More integration and e2e tests cases
+- Fix [documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#self-subject-review):
+  - Change API version
+  - Rewrite conditions to enable the feature
+  - Change kubectl command
 
 NOTE: Should not be a part of [conformance tests](https://git.k8s.io/community/contributors/devel/sig-architecture/conformance-tests.md).
 The fact that a user possesses a token does not necessarily imply the power to know to whom that token belongs.
@@ -263,22 +281,9 @@ The fact that a user possesses a token does not necessarily imply the power to k
 
 ###### How can this feature be enabled / disabled in a live cluster?
 
-<!--
-Pick one of these and delete the rest.
--->
-
-- Feature gate
+- [X] Feature gate (also fill in values in `kep.yaml`)
   - Feature gate name: `APISelfSubjectReview`
-  - Components depending on the feature gate:
-    - kube-apiserver
-
-```go
-FeatureSpec{
-	Default: false,
-	LockToDefault: false,
-	PreRelease: featuregate.Alpha,
-}
-```
+  - Components depending on the feature gate: `kube-apiserver`
 
 ###### Does enabling the feature change any default behavior?
 

keps/sig-auth/3325-self-subject-attributes-review-api/kep.yaml

@@ -10,6 +10,7 @@ reviewers:
 - "@enj"
 - "@deads2k"
 - "@mikedanese"
+- "@liggitt"
 approvers:
 - TBD
 creation-date: "2022-05-30"