feat(docker-image)!: Update quay.io/containerdisks/ubuntu Docker tag to v24

firewall-s3/ks-vm.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app fortigate-s3
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./firewall-s3
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

firewall-s3/test-connectivity/loadbalancers/fortigate-wan.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fortigate-lb-test
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: fortigate-lb
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - port: 4500
+      name: ipsec-nat
+      targetPort: 4500
+      protocol: UDP
+    - port: 500
+      name: key-management
+      targetPort: 500
+      protocol: UDP
+    #- port: 22
+    #  name: ssh
+    #  targetPort: 22
+    #  protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: fortigate-ksd

firewall-s3/test-connectivity/network-definitions/lan.yaml

@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+#   name: lan-net
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   config: '{
+#     "cniVersion": "0.3.1",
+#     "type": "bridge",
+#     "bridge": "br-lan",
+#     "ipam": {
+#       "type": "static",
+#       "addresses": [
+#         {
+#           "address": "172.168.100.2/24",
+#           "gateway": "172.168.100.1"
+#         }
+#       ]
+#     }
+#   }'

firewall-s3/test-connectivity/network-definitions/mgmt.yaml

@@ -0,0 +1,20 @@
+# apiVersion: "k8s.cni.cncf.io/v1"
+# kind: NetworkAttachmentDefinition
+# metadata:
+#   name: mgmt-net
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   config: '{
+#     "cniVersion": "0.3.1",
+#     "type": "bridge",
+#     "bridge": "br-mgmt",
+#     "ipam": {
+#       "type": "static",
+#       "addresses": [
+#         {
+#           "address": "192.168.10.100/24",
+#           "gateway": "192.168.10.1"
+#         }
+#       ]
+#     }
+#   }'

firewall-s3/test-connectivity/vm/fortigate.yaml

@@ -0,0 +1,77 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: fortigate-ksd
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   dataVolumeTemplates:
+#     - metadata:
+#         name: fortigate-rootdisk-ksd
+#       spec:
+#         source:
+#           http:
+#             url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+#             #secretRef: s3-virt-credentials
+#         storage:
+#           resources:
+#             requests:
+#               storage: 30Gi
+#   runStrategy: Always
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: fortigate-ksd
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 1
+#         memory:
+#           guest: 2Gi
+#         features:
+#           acpi: {}
+#           smm:
+#             enabled: true
+#         firmware:
+#           bootloader:
+#             efi:
+#               secureBoot: false
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#               - port: 4500
+#               - port: 443
+#               - port: 22
+#               - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#           disks:
+#             - disk:
+#                 bus: sata
+#               name: rootdisk
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 1
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: rootdisk
+#           dataVolume:
+#             name: fortigate-rootdisk-ksd

firewall-s3/test-connectivity/vm/strongswan.yaml

@@ -0,0 +1,73 @@
+# apiVersion: kubevirt.io/v1
+# kind: VirtualMachine
+# metadata:
+#   name: strongswan
+#   namespace: ${TENANT_NAMESPACE}
+# spec:
+#   running: true
+#   template:
+#     metadata:
+#       labels:
+#         kubevirt.io/domain: strongswan
+#     spec:
+#       domain:
+#         cpu:
+#           cores: 2
+#         resources:
+#           requests:
+#             memory: 2Gi
+#             cpu: 1
+#           limits:
+#             memory: 2Gi
+#             cpu: 2
+#         memory:
+#           guest: 2Gi
+#         devices:
+#           rng: {}
+#           networkInterfaceMultiqueue: true
+#           disks:
+#             - name: containerdisk
+#               disk:
+#                 bus: virtio
+#             - name: cloudinitdisk
+#               disk:
+#                 bus: virtio
+#           interfaces:
+#             - name: wan
+#               masquerade: {}
+#               ports:
+#                 - port: 4500
+#                 - port: 443
+#                 - port: 22
+#                 - port: 500
+#             - name: mgmt
+#               bridge: {}
+#             - name: lan
+#               bridge: {}
+#       networks:
+#         - name: wan
+#           pod: {}
+#         - name: mgmt
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/mgmt-net
+#         - name: lan
+#           multus:
+#             networkName: ${TENANT_NAMESPACE}/lan-net
+#       terminationGracePeriodSeconds: 180
+#       volumes:
+#         - name: containerdisk
+#           containerDisk:
+#             image: quay.io/containerdisks/ubuntu:22.04
+#         - name: cloudinitdisk
+#           cloudInitNoCloud:
+#             userData: |
+#               #cloud-config
+#               users:
+#                 - name: testuser
+#                   groups: [sudo]
+#                   sudo: "ALL=(ALL) NOPASSWD:ALL"
+#                   lock_passwd: false
+#                   passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+#               chpasswd:
+#                 expire: false
+#               ssh_pwauth: true

firewall-s3/vm/ksd/loadbalancers/fortigate-wan.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fortigate-lb
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: fortigate-lb
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  ports:
+    - port: 4500
+      name: ipsec-nat
+      targetPort: 4500
+      protocol: UDP
+    - port: 500
+      name: key-management
+      targetPort: 500
+      protocol: UDP
+    #- port: 22
+    #  name: ssh
+    #  targetPort: 22
+    #  protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: fortigate-ksd

firewall-s3/vm/ksd/network-definitions/lan.yaml

@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: lan-net
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  config: '{
+    "cniVersion": "0.3.1",
+    "type": "bridge",
+    "bridge": "br-lan",
+    "ipam": {
+      "type": "static",
+      "addresses": [
+        {
+          "address": "172.168.100.2/24",
+          "gateway": "172.168.100.1"
+        }
+      ]
+    }
+  }'

firewall-s3/vm/ksd/network-definitions/mgmt.yaml

@@ -0,0 +1,20 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: mgmt-net
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  config: '{
+    "cniVersion": "0.3.1",
+    "type": "bridge",
+    "bridge": "br-mgmt",
+    "ipam": {
+      "type": "static",
+      "addresses": [
+        {
+          "address": "192.168.10.100/24",
+          "gateway": "192.168.10.1"
+        }
+      ]
+    }
+  }'

firewall-s3/vm/ksd/vm/fortigate.yaml

@@ -0,0 +1,77 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: fortigate-ksd
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  dataVolumeTemplates:
+    - metadata:
+        name: fortigate-rootdisk-ksd
+      spec:
+        source:
+          http:
+            url: "https://glacier-1.kvant.cloud/ocp-virt-images/sources/fortios_7_6_3.qcow2"
+            #secretRef: s3-virt-credentials
+        storage:
+          resources:
+            requests:
+              storage: 30Gi
+  runStrategy: Always
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: fortigate-ksd
+    spec:
+      domain:
+        cpu:
+          cores: 1
+        memory:
+          guest: 2Gi
+        features:
+          acpi: {}
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi:
+              secureBoot: false
+        devices:
+          rng: {}
+          networkInterfaceMultiqueue: true
+          interfaces:
+            - name: wan
+              masquerade: {}
+              ports:
+              - port: 4500
+              - port: 443
+              - port: 22
+              - port: 500
+            - name: mgmt
+              bridge: {}
+            - name: lan
+              bridge: {}
+          disks:
+            - disk:
+                bus: sata
+              name: rootdisk
+        resources:
+          requests:
+            memory: 2Gi
+            cpu: 1
+          limits:
+            memory: 2Gi
+            cpu: 1
+      networks:
+        - name: wan
+          pod: {}
+        - name: mgmt
+          multus:
+            networkName: ${TENANT_NAMESPACE}/mgmt-net
+        - name: lan
+          multus:
+            networkName: ${TENANT_NAMESPACE}/lan-net
+      terminationGracePeriodSeconds: 180
+      volumes:
+        - name: rootdisk
+          dataVolume:
+            name: fortigate-rootdisk-ksd

firewall-s3/vm/ksd/vm/strongswan.yaml

@@ -0,0 +1,73 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: strongswan
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  running: true
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: strongswan
+    spec:
+      domain:
+        cpu:
+          cores: 2
+        resources:
+          requests:
+            memory: 2Gi
+            cpu: 1
+          limits:
+            memory: 2Gi
+            cpu: 2
+        memory:
+          guest: 2Gi
+        devices:
+          rng: {}
+          networkInterfaceMultiqueue: true
+          disks:
+            - name: containerdisk
+              disk:
+                bus: virtio
+            - name: cloudinitdisk
+              disk:
+                bus: virtio
+          interfaces:
+            - name: wan
+              masquerade: {}
+              ports:
+                - port: 4500
+                - port: 443
+                - port: 22
+                - port: 500
+            - name: mgmt
+              bridge: {}
+            - name: lan
+              bridge: {}
+      networks:
+        - name: wan
+          pod: {}
+        - name: mgmt
+          multus:
+            networkName: ${TENANT_NAMESPACE}/mgmt-net
+        - name: lan
+          multus:
+            networkName: ${TENANT_NAMESPACE}/lan-net
+      terminationGracePeriodSeconds: 180
+      volumes:
+        - name: containerdisk
+          containerDisk:
+            image: quay.io/containerdisks/ubuntu:24.04
+        - name: cloudinitdisk
+          cloudInitNoCloud:
+            userData: |
+              #cloud-config
+              users:
+                - name: testuser
+                  groups: [sudo]
+                  sudo: "ALL=(ALL) NOPASSWD:ALL"
+                  lock_passwd: false
+                  passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+              chpasswd:
+                expire: false
+              ssh_pwauth: true

kustomization.yaml

@@ -3,6 +3,14 @@ kind: Kustomization
 resources:
   - vars/ks.yaml
   - repos/ks.yaml
+  - network/ks-lb.yaml
+  - firewall/ks-vm.yaml
+  - firewall-dev/ks-vm.yaml
+  - firewall-s3/ks-vm.yaml
+  - windows-vm-standard/ks-vm.yaml
+  - windows-vm-standard/ks-pvc.yaml
+  - windows-vm-standard-dev/ks-vm.yaml
+  - windows-vm-standard-dev/ks-pvc.yaml
   - ubuntu-vm-1/ks.yaml
   - ubuntu-vm-2/ks.yaml
   - container/ks-debug.yaml

network/ks-lb.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app lb
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./network/loadbalancers
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

network/loadbalancers/fortigate-lb.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: fortigate-lb
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: fortigate-lb
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 4500
+      name: ipsec-nat
+      targetPort: 4500
+      protocol: UDP
+    - port: 500
+      name: key-management
+      targetPort: 500
+      protocol: UDP
+    - port: 22
+      name: ssh
+      targetPort: 22
+      protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: fortigate-s3

network/loadbalancers/windows-lb.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: windows-lb
+  namespace: ${TENANT_NAMESPACE}
+  labels:
+    app.kubernetes.io/component: windows-lb
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 8080
+      name: http
+      targetPort: 8080
+      protocol: TCP
+    - port: 443
+      name: https
+      targetPort: 443
+      protocol: TCP
+    - port: 65022
+      name: ssh
+      targetPort: 22
+      protocol: TCP
+    - port: 3389
+      name: rdp
+      targetPort: 3389
+      protocol: TCP
+  selector:
+    kubevirt.io/domain: windows-vm-standard

templates/image-server/nginx/helmrelease.yaml

@@ -17,11 +17,10 @@ spec:
   values:
     service:
       type: ClusterIP
-      ports:
-        http: 8080
     ingress:
       enabled: true
-      hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud
+      hostname: nginx.${TENANT_DOMAIN}
+      ingressClassName: external
     extraVolumes:
       - name: ${TENANT_NAMESPACE}-image-storage
         persistentVolumeClaim:

templates/windowsserver-rh/flavor/small.yaml

@@ -77,7 +77,7 @@ objects:
     spec:
       source:
         http:
-          url: http://nginx.demo.svc.cluster.local:8080/win2022.qcow2
+          url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
       pvc:
         accessModes:
           - ReadWriteOnce

ubuntu-vm-1/ubuntu/ubuntu-vm.yaml

@@ -38,11 +38,13 @@ spec:
           cloudInitNoCloud:
             userData: |
               #cloud-config
-              hostname: ubuntu-vm-1
-              ssh_pwauth: True
               users:
-                - name: ubuntu
-                  ssh-authorized-keys:
-                    - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
-                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
-                  shell: /bin/bash
+                - name: testuser
+                groups: [sudo]
+                sudo: "ALL=(ALL) NOPASSWD:ALL"
+                lock_passwd: false
+                passwd: "$6$oMZf5uou7t0.oAJ1$825Te06yt7JZwHSSj4MGQMjpd87LflANQpajCwIVPASkKZdOJo4L2bAEDDuK.jtu.fsRNc9bZAsYefmoqdN8O1"
+
+                chpasswd: 
+                expire: false
+                ssh_pwauth: true

vars/demo/s3-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-virt-credentials
+  namespace: ${TENANT_NAMESPACE}
+type: Opaque
+data:
+  accessKeyId: WWozQTdUdHgzbjNOa3NsS2VodzM=
+  secretKey: SUZJRWtSbnJnWDRPcnlNWmtSSjlheG41UlpnSTZhMjBvVW82Tm1lRA==

windows-vm-standard-dev/ks-pvc.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app windows-pvc-dev
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./windows-vm-standard-dev/pvc
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

windows-vm-standard-dev/ks-vm.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app windows-vm-standard-dev
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./windows-vm-standard-dev/vm
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

windows-vm-standard-dev/pvc/datadisk.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: windows-vm-datadisk-dev
+spec:
+  storageClassName: ibm-spectrum-scale-fileset
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 200Gi

windows-vm-standard-dev/vm/server.yaml

@@ -0,0 +1,83 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: windows-vm-standard-dev
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  dataVolumeTemplates:
+    - metadata:
+        name: windows-rootdisk-dev
+      spec:
+        source:
+          http:
+            url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+        storage:
+          resources:
+            requests:
+              storage: 80Gi
+        sourceRef:
+          kind: DataSource
+          name: win2k22
+          namespace: kubevirt-os-images
+  runStrategy: Always
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: windows-vm-standard-dev
+    spec:
+      domain:
+        cpu:
+          cores: 4
+        memory:
+          guest: 8Gi
+        features:
+          acpi: {}
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi:
+              secureBoot: true
+        devices:
+          rng: {}
+          networkInterfaceMultiqueue: true
+          interfaces:
+            - name: default
+              masquerade: {}
+              ports:
+              - port: 8080
+              - port: 443
+              - port: 22
+              - port: 3389
+          disks:
+            - disk:
+                bus: sata
+              name: rootdisk-dev
+            - disk:
+                bus: sata
+              name: datadisk-dev
+           # - disk:
+           #     bus: scsi
+           #   name: cloudinitdisk
+        resources:
+          requests:
+            memory: 8Gi
+            cpu: 4
+          limits:
+            memory: 8Gi
+            cpu: 4
+      networks:
+        - name: default
+          pod: {}
+      terminationGracePeriodSeconds: 180
+      volumes:
+        - name: rootdisk-dev
+          dataVolume:
+            name: windows-rootdisk-dev
+        - name: datadisk-dev
+          persistentVolumeClaim:
+            claimName: windows-vm-datadisk-dev
+        #- name: cloudinitdisk
+        #  cloudInitNoCloud:
+        #    secretRef:
+        #      name: windows-cloud-init

windows-vm-standard/ks-pvc.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app windows-pvc
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./windows-vm-standard/pvc
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

windows-vm-standard/ks-vm.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app windows-vm-standard
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./windows-vm-standard/vm
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: tenant-repos
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

windows-vm-standard/pvc/datadisk.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: windows-vm-datadisk
+spec:
+  storageClassName: ibm-spectrum-scale-fileset
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 200Gi

windows-vm-standard/vm/server.yaml

@@ -0,0 +1,82 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: windows-vm-standard
+  namespace: ${TENANT_NAMESPACE}
+spec:
+  dataVolumeTemplates:
+    - metadata:
+        name: windows-rootdisk
+      spec:
+        source:
+          http:
+            url: http://nginx.demo.svc.cluster.local:8080/windows-server-2022-uefi-ns.qcow2
+        storage:
+          resources:
+            requests:
+              storage: 80Gi
+        sourceRef:
+          kind: DataSource
+          name: win2k22
+          namespace: kubevirt-os-images
+  runStrategy: Always
+  template:
+    metadata:
+      labels:
+        kubevirt.io/domain: windows-vm-standard
+    spec:
+      domain:
+        cpu:
+          cores: 4
+        memory:
+          guest: 8Gi
+        features:
+          acpi: {}
+          smm:
+            enabled: true
+        firmware:
+          bootloader:
+            efi: {}
+        devices:
+          rng: {}
+          networkInterfaceMultiqueue: true
+          interfaces:
+            - name: default
+              masquerade: {}
+              ports:
+              - port: 8080
+              - port: 443
+              - port: 22
+              - port: 3389
+          disks:
+            - disk:
+                bus: sata
+              name: rootdisk
+            - disk:
+                bus: sata
+              name: datadisk
+           # - disk:
+           #     bus: scsi
+           #   name: cloudinitdisk
+        resources:
+          requests:
+            memory: 8Gi
+            cpu: 4
+          limits:
+            memory: 8Gi
+            cpu: 4
+      networks:
+        - name: default
+          pod: {}
+      terminationGracePeriodSeconds: 180
+      volumes:
+        - name: rootdisk
+          dataVolume:
+            name: windows-rootdisk
+        - name: datadisk
+          persistentVolumeClaim:
+            claimName: windows-vm-datadisk
+        #- name: cloudinitdisk
+        #  cloudInitNoCloud:
+        #    secretRef:
+        #      name: windows-cloud-init