Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Hugo Huang
on 29 September 2022

Build Ubuntu Pro Golden Image on Google Cloud


What is Golden Image

A Golden image is a base image that is used as a template for your organization’s various virtual machines either on-prem or in the public cloud. It streamlines software development processes since mission-critical applications are dependent on a certified environment. Using Golden Images saves numerous hours and resources as they create consistent environments for your developers and operation teams. Golden Images not only help prevent human errors but also standardize VM configurations.

Why we use Ubuntu Pro to create Golden Images

Among many other benefits, Ubuntu Pro adds security coverage for the most important open-source applications like Apache Kafka, NGINX, MongoDB, Redis, and PostgreSQL. I believe this security assurance does align with your purpose of building Golden Images.

Create Ubuntu Pro Golden Image on Google Cloud

We will use Cloud Shell to create a Golden Image. Of course, you can use other tools, such as Packer, to create Golden Images. We may discuss those tools in another article. We will use Ubuntu Pro 22.04 as the base image for the image. You can use any Ubuntu Pro images that you find in your Google Cloud Console.

Once we logged in to Google Cloud Console, in Cloud Shell, we input:

gcloud compute images list --project=ubuntu-os-pro-cloud | grep ubuntu-pro
NAME: ubuntu-pro-1604-xenial-v20220810
FAMILY: ubuntu-pro-1604-lts
NAME: ubuntu-pro-1804-bionic-v20220902
FAMILY: ubuntu-pro-1804-lts
NAME: ubuntu-pro-2004-focal-v20220905
FAMILY: ubuntu-pro-2004-lts
NAME: ubuntu-pro-2204-jammy-v20220923
FAMILY: ubuntu-pro-2204-lts
NAME: ubuntu-pro-fips-1804-bionic-v20220829
FAMILY: ubuntu-pro-fips-1804-lts
NAME: ubuntu-pro-fips-2004-focal-v20220829
FAMILY: ubuntu-pro-fips-2004-lts

We find 6 different versions of Ubuntu Pro images. We will pick Ubuntu Pro 22.04 for this demo. Let’s create a Golden Image from this Ubuntu Pro 22.04 official image:

gcloud compute images create golden-image3 --source-image-family=ubuntu-pro-2204-lts --source-image-project=ubuntu-os-pro-cloud
Created [https://www.googleapis.com/compute/v1/projects/[YOUR_PROJECT]/global/images/golden-image].
NAME: golden-image
PROJECT: [YOUR_PROJECT]
FAMILY:
DEPRECATED:
STATUS: READY

Done. We have created a Golden Image. You will find it in your image gallery.

Let’s check if this Golden Image contains the Ubuntu Pro license:

gcloud compute images describe golden-image
architecture: X86_64
archiveSizeBytes: '1000068480'
creationTimestamp: '2022-09-28T15:24:56.705-07:00'
diskSizeGb: '10'
guestOsFeatures:
- type: VIRTIO_SCSI_MULTIQUEUE
- type: SEV_CAPABLE
- type: UEFI_COMPATIBLE
- type: GVNIC
id: '550225037951072087'
kind: compute#image
labelFingerprint: 42WmSpB8rSM=
licenseCodes:
- '2592866803419978320'
licenses:
- https://www.googleapis.com/compute/v1/projects/ubuntu-os-pro-cloud/global/licenses/ubuntu-pro-2204-lts
name: golden-image
selfLink: https://www.googleapis.com/compute/v1/projects/confident-sweep-285415/global/images/golden-image3
shieldedInstanceInitialState:
[...]

The license block “licenses: – https://www.googleapis.com/compute/v1/projects/ubuntu-os-pro-cloud/global/licenses/ubuntu-pro-2204-lts” shows that this image contains the Ubuntu Pro license.

Let’s use this Golden Image to create an instance:

gcloud compute instances create instance-from-golden-image --image=golden-image
Created [https://www.googleapis.com/compute/v1/projects/[YOUR_PROJECT]/zones/us-east1-b/instances/instance-from-golden-image].
NAME: instance-from-golden-image
ZONE: us-east1-b
MACHINE_TYPE: n1-standard-1
PREEMPTIBLE:
INTERNAL_IP: 10.142.0.45
EXTERNAL_IP: 34.139.200.39
STATUS: RUNNING

Then SSH into this machine to check its license:

gcloud compute ssh instance-from-golden-image
ua status

This machine is entitled to all the Ubuntu Pro features, such as ESM and Livepatch.

We have successfully created a Ubuntu Pro Golden Image. It’s time for the whole organization to use this Golden Image.

Share Golden Image

In order for other users in my organization to use this Golden Image, I need to authorize them to Compute Image User role (roles/compute.imageUser). So they will have permission to list, read, and use images. This practice follows the Least Privilege principle, so those image users don’t have other permissions to modify this Golden Image.

We select the Golden Image in the Image Gallery, and click ADD PRINCIPAL in the INFO PANEL:

Then enter the email address of the identity I want to share the image with (I entered my email address for this demo). And I select Image User in the Role list.

We may also grant users the Viewer IAM role (roles/viewer) for the image project to ensure that the shared image appears in the image selection list.

That’s it. We created a Golden Image on Google Cloud and shared it with the users who need to use it. We may discuss how to use Packer to create Golden Image, how to create a Golden Image with the preinstalled application, and how to create a Golden Image from a running virtual machine next time. Stay tuned!

Related posts


Hugo Huang
13 May 2024

Ubuntu Pro 24.04 LTS Lands on Google Cloud: Power Up Your Cloud Experience

Cloud and server Ubuntu Pro

Exciting news for cloud enthusiasts and developers! Ubuntu Pro 24.04 LTS (Noble Numbat) is now available on Google Cloud, bringing a robust and secure platform for your cloud workloads. This latest Long Term Support release from Canonical offers a wealth of features and enhancements, making it the perfect choice for building and deploying ...


Matthew de Klerk
12 December 2024

What is vulnerability management?

Security Article

Vulnerability management is the holistic process of identifying and handling security risks in an organization’s networks, systems and devices. Vulnerability management serves an overarching strategy that describes and outlines the many individual efforts and steps taken to reduce cyber incident risk to acceptable levels and improve overa ...


Yash Aggarwal
4 November 2024

Join us for Microsoft Ignite

Ubuntu Article

The Canonical team is gearing up for the next big gathering at Microsoft Ignite 2024, which will take place from November 18 – 22, 2024. Get ready to dive deep into the latest conversations that will shape the future of cloud and open-source innovation. Expand and secure your Microsoft Ignite journey with a visit to ...