Zomg publishes a reusable GCE VM image to speed up cloud setup. The image contains only generic host dependencies and binaries: Ubuntu packages, nerdctl, BuildKit, and the k3s binary. Deployment-specific credentials, TLS material, kubeconfig, service-account keys, Zomg workloads, k3s cluster state, SSH host keys, cloud-init state, and machine identity are not intentionally stored in the image.

Current public image

The shared image is stored in:
Project: zomg-prod-260623-387db6
Family:  zomg-vm
Latest:  zomg-vm-20260624-210756
Access:  allAuthenticatedUsers with roles/compute.imageUser
The image was built on June 24, 2026 and is ready in Google Compute Engine Images. The loopwork.com organization policy constraints/iam.allowedPolicyMemberDomains is set to the Google-managed default, which allows the public authenticated image IAM binding. Use the family so new setup runs automatically pick up the latest image:
just from-image --profile <profile> \
  --image-family zomg-vm \
  --image-project zomg-prod-260623-387db6
To pin an exact image, use:
just from-image --profile <profile> \
  --image projects/zomg-prod-260623-387db6/global/images/<image-name>

Build and publish

Build a new image and grant use to authenticated Google users:
just gcp-image-build --profile prod \
  --image-project zomg-prod-260623-387db6 \
  --image-family zomg-vm \
  --share-with allAuthenticatedUsers
The builder VM is created without a service account or OAuth scopes. Before image capture, the script removes SSH host keys, cloud-init state, machine identity, temporary files, and any k3s or Zomg runtime state.

Destroy

Delete an exact image by name:
just gcp-image-destroy --profile prod \
  --image-project zomg-prod-260623-387db6 \
  --image <image-name>
Use --yes for non-interactive deletion.