KEP-4601: promote to stable

liggitt · liggitt · commit 31f23f14a783 · 2025-07-17T14:49:32.000-04:00
diff --git a/content/en/docs/reference/access-authn-authz/node.md b/content/en/docs/reference/access-authn-authz/node.md
@@ -29,10 +29,7 @@ Read operations:
 
 {{< feature-state feature_gate_name="AuthorizeNodeWithSelectors" >}}
 
-When the `AuthorizeNodeWithSelectors` feature is enabled
-(along with the pre-requisite `AuthorizeWithSelectors` feature),
-kubelets are only allowed to read their own Node objects,
-and are only allowed to read pods bound to their node.
+Kubelets are limited to reading their own Node objects, and only reading pods bound to their node.
 
 Write operations:
 
diff --git a/content/en/docs/reference/access-authn-authz/webhook.md b/content/en/docs/reference/access-authn-authz/webhook.md
@@ -166,8 +166,9 @@ Access to non-resource paths are sent as:
 
 {{< feature-state feature_gate_name="AuthorizeWithSelectors" >}}
 
-With the `AuthorizeWithSelectors` feature enabled, field and label selectors in the request
-are passed to the authorization webhook. The webhook can make authorization decisions
+When calling out to an authorization webhook, Kubernetes passes
+label and field selectors in the request to the authorization webhook.
+The authorization webhook can make authorization decisions
 informed by the scoped field and label selectors, if it wishes.
 
 The [SubjectAccessReview API documentation](/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1/)
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/AuthorizeNodeWithSelectors.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/AuthorizeNodeWithSelectors.md
@@ -13,6 +13,9 @@ stages:
   - stage: beta
     defaultValue: true
     fromVersion: "1.32"
+    toVersion: "1.33"
+  - stage: stable
+    defaultValue: true
+    fromVersion: "1.34"
 ---
 Make the [Node authorizer](/docs/reference/access-authn-authz/node/) use fine-grained selector authorization.
-Requires `AuthorizeWithSelectors` to be enabled.
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates/AuthorizeWithSelectors.md b/content/en/docs/reference/command-line-tools-reference/feature-gates/AuthorizeWithSelectors.md
@@ -13,6 +13,10 @@ stages:
   - stage: beta
     defaultValue: true
     fromVersion: "1.32"
+    toVersion: "1.33"
+  - stage: stable
+    defaultValue: true
+    fromVersion: "1.34"
 ---
 Allows authorization to use field and label selectors.
 Enables `fieldSelector` and `labelSelector` fields in the [SubjectAccessReview API](/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1/),
diff --git a/content/en/docs/reference/using-api/cel.md b/content/en/docs/reference/using-api/cel.md
@@ -413,9 +413,10 @@ To perform an authorization check for a service account:
 </tbody>
 </table>
 
-{{< feature-state state="alpha" for_k8s_version="v1.31" >}}
+{{< feature-state feature_gate_name="AuthorizeWithSelectors" >}}
 
-With the alpha `AuthorizeWithSelectors` feature enabled, field and label selectors can be added to authorization checks.
+For CEL expressions in the API where a variable of type `Authorizer` is available,
+field and label selectors can be included in authorization checks.
 
 <table>
 <caption>Examples of CEL expressions using selector authorization functions</caption>
