nerdctl, BuildKit, and the k3s binary. Deployment-specific credentials, TLS material, kubeconfig, service-account keys, Zomg workloads, k3s cluster state, SSH host keys, cloud-init state, and machine identity are not intentionally stored in the image.
Current public image
The shared image is stored in:loopwork.com organization policy constraints/iam.allowedPolicyMemberDomains is set to the Google-managed default, which allows the public authenticated image IAM binding.
Use the family so new setup runs automatically pick up the latest image:
Build and publish
Build a new image and grant use to authenticated Google users:Destroy
Delete an exact image by name:--yes for non-interactive deletion.