What's Changed
🆕 Controller Versioning
The version of origin-ca-issuer is now embedded by Go 1.24's go build. This version is included as part of the User-Agent sent to the Cloudflare API when creating or renewing an Origin CA certificate.
🆕 CA Certificate
The CA Certificate is now included on secrets for new or renewed certificates, for compatibility with applications that require a chain instead of just a leaf certificate. Fixes #70.
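One way a consuming application can check that the leaf in a new or renewed secret chains to the CA certificate now stored beside it, as an added example (not origin-ca-issuer's own code). The `tls.crt` and `ca.crt` key names follow the cert-manager convention and are assumed here; the CA and leaf are constructed in-process as sample data.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyLeafAgainstCA checks that the first cert in tlsCrt chains to a cert in caCrt (assumed secret keys).
func VerifyLeafAgainstCA(tlsCrt, caCrt []byte) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caCrt) {
		return fmt.Errorf("ca.crt holds no usable PEM certificate")
	}
	block, _ := pem.Decode(tlsCrt)
	if block == nil {
		return fmt.Errorf("tls.crt holds no PEM block")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots}) // default EKU check: server auth
	return err
}

// constructedPair builds a throwaway CA and a leaf it signs (sample data, not Cloudflare's CA).
func constructedPair() (leafPEM, caPEM []byte) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "app.example.test"},
		NotBefore: from, NotAfter: to, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caDER})
}

func main() {
	leaf, ca := constructedPair()
	fmt.Println("leaf chains to ca.crt:", VerifyLeafAgainstCA(leaf, ca) == nil)
}
```

A leaf paired with a CA that did not sign it, or a `ca.crt` value that is not PEM, returns an error rather than a silent pass.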
🥇 Image Signatures
The OCI artifacts for this release have been signed using cosign with the GitHub Actions OIDC Token identity, and published to the public Rekor instance. The signing of Helm artifacts is planned.
cosign verify docker.io/cloudflare/origin-ca-issuer:v0.12.0 \
--certificate-identity https://github.com/cloudflare/origin-ca-issuer/.github/workflows/docker.yaml@refs/tags/v0.12.0 \
--certificate-oidc-issuer https://token.actions.githubusercontent.com
As this is the first release with signatures, they are experimental. Please report any issues you have.
Full Changelog: v0.11.0...v0.12.0