diff --git a/container/debug/alpine.yaml b/container/debug/alpine.yaml
new file mode 100644
index 0000000..8f2b5f9
--- /dev/null
+++ b/container/debug/alpine.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: alpine-test
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ containers:
+ - name: alpine
+ image: alpine:latest
+ command: ["/bin/sh"]
+ args: ["-c", "while true; do sleep 3600; done"]
+ stdin: true
+ tty: true
+ restartPolicy: Never
\ No newline at end of file
diff --git a/container/ks-debug.yaml b/container/ks-debug.yaml
new file mode 100644
index 0000000..9c78fde
--- /dev/null
+++ b/container/ks-debug.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app debug
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./container/debug
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kustomization.yaml b/kustomization.yaml
index c80a6dd..80d2821 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -5,4 +5,10 @@ resources:
 - repos/ks.yaml
 - echo-server/ks.yaml
 - ubuntu-vm-1/ks.yaml
- - ubuntu-vm-2/ks.yaml
\ No newline at end of file
+ - ubuntu-vm-2/ks.yaml
+ - ubuntu-vm-3/ks.yaml
+ - container/ks-debug.yaml
+ - templates/image-server/ks-nginx.yaml
+ - templates/image-server/ks-pvc.yaml
+ - templates/image-server/ks-route.yaml
+ - templates/windowsserver/ks-flavor.yaml
\ No newline at end of file
diff --git a/repos/helm/bitnami.yaml b/repos/helm/bitnami.yaml
new file mode 100644
index 0000000..b9f3976
--- /dev/null
+++ b/repos/helm/bitnami.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: bitnami
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ type: oci
+ interval: 60m
+ url: oci://registry-1.docker.io/bitnamicharts
\ No newline at end of file
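Review bot: In container/debug/alpine.yaml the container runs `image: alpine:latest` with no `securityContext` and no `resources`, so its contents can change between pulls and it runs with whatever privileges the runtime and admission policy grant by default. Pin the image to a reviewed tag and digest, drop capabilities and privilege escalation, and cap CPU and memory as sketched below. The tag, digest and limits shown are placeholders and constructed samples, not values from this repository. `runAsNonRoot: true` needs a non-root UID to be assigned; an OpenShift restricted SCC would presumably do that, otherwise add a `runAsUser` that fits the cluster.

```yaml
    - name: alpine
      image: alpine:<pinned-tag>@sha256:<digest>  # placeholder: pin to a reviewed digest
      # … unchanged: command, args, stdin, tty …
      securityContext:
        allowPrivilegeEscalation: false
        runAsNonRoot: true
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      resources:
        limits:
          cpu: 100m      # constructed sample value
          memory: 64Mi   # constructed sample value
```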
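Review bot: container/ks-debug.yaml sets no `spec.serviceAccountName`, so unless the controller is configured with a default service account the apply runs under kustomize-controller's own identity rather than a tenant-scoped one. The HelmRelease in this same commit does set `serviceAccountName: ${TECHNICAL_ACCOUNT}`. The same gap is in templates/image-server/ks-nginx.yaml, ks-pvc.yaml, ks-route.yaml, templates/windowsserver/ks-flavor.yaml and ubuntu-vm-3/ks.yaml. If that account is meant for tenant applies, add `serviceAccountName: ${TECHNICAL_ACCOUNT}` under `spec`, together with `targetNamespace: ${TENANT_NAMESPACE}` as ks-pvc.yaml already has. That way a manifest with a hard-coded namespace (ubuntu-vm-3/ubuntu/ubuntu-vm.yaml uses `namespace: demo`) cannot land outside the tenant.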
diff --git a/repos/helm/bjw-s.yaml b/repos/helm/bjw-s.yaml index 932c059..90cdc7f 100644 --- a/repos/helm/bjw-s.yaml +++ b/repos/helm/bjw-s.yaml @@ -4,9 +4,8 @@ apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: bjw-s - namespace: ${TENANT_NAMESPACE}-ns + namespace: ${TENANT_NAMESPACE} spec: - type: oci interval: 5m - url: oci://ghcr.io/bjw-s/helm + url: https://bjw-s-labs.github.io/helm-charts diff --git a/templates/image-server/ks-nginx.yaml b/templates/image-server/ks-nginx.yaml new file mode 100644 index 0000000..3a7463c --- /dev/null +++ b/templates/image-server/ks-nginx.yaml @@ -0,0 +1,18 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app nginx + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/image-server/nginx + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/templates/image-server/ks-pvc.yaml b/templates/image-server/ks-pvc.yaml new file mode 100644 index 0000000..200d87b --- /dev/null +++ b/templates/image-server/ks-pvc.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app pvc + namespace: ${TENANT_NAMESPACE} +spec: + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./templates/image-server/pvc + prune: true + sourceRef: + kind: GitRepository + name: tenant-repos + wait: false + interval: 30m + retryInterval: 1m + targetNamespace: ${TENANT_NAMESPACE} + timeout: 5m diff --git a/templates/image-server/ks-route.yaml b/templates/image-server/ks-route.yaml new file mode 100644 index 0000000..c3c4cf4 --- /dev/null +++ b/templates/image-server/ks-route.yaml 
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app route
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./templates/image-server/route
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/templates/image-server/nginx/helmrelease.yaml b/templates/image-server/nginx/helmrelease.yaml
new file mode 100644
index 0000000..2822a7e
--- /dev/null
+++ b/templates/image-server/nginx/helmrelease.yaml
@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: nginx
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ serviceAccountName: ${TECHNICAL_ACCOUNT}
+ interval: 10m
+ chart:
+ spec:
+ chart: nginx
+ version: 19.1.1
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: ${TENANT_NAMESPACE}
+ values:
+ service:
+ type: ClusterIP
+ ports:
+ http: 8080
+ ingress:
+ enabled: true
+ hostname: nginx.${TENANT_DOMAIN}.apps.ai-2.kvant.cloud
+ extraVolumes:
+ - name: ${TENANT_NAMESPACE}-image-storage
+ persistentVolumeClaim:
+ claimName: ${TENANT_NAMESPACE}-image-storage
+ extraVolumeMounts:
+ - name: ${TENANT_NAMESPACE}-image-storage
+ mountPath: /app
diff --git a/templates/image-server/pvc/image-storage.yaml b/templates/image-server/pvc/image-storage.yaml
new file mode 100644
index 0000000..1059377
--- /dev/null
+++ b/templates/image-server/pvc/image-storage.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: ${TENANT_NAMESPACE}-image-storage
+ annotations:
+ helm.sh/resource-policy: keep
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 120Gi
diff --git a/templates/image-server/route/http.yaml b/templates/image-server/route/http.yaml
new file mode 100644
index 0000000..5588c19
--- /dev/null
+++ b/templates/image-server/route/http.yaml
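Review bot: In templates/image-server/nginx/helmrelease.yaml the `extraVolumeMounts` entry mounts the image PVC at `/app` read-write into a web server that is published through `ingress.enabled: true`. nginx only needs to read those files, so add `readOnly: true` to the mount, assuming uploads reach the claim some other way. A compromised server then cannot alter the VM images that templates/windowsserver/flavor/small.yaml later imports. Nothing in the visible values restricts who may reach the hostname or enables TLS on the ingress, so treat everything on the claim as public unless the chart or cluster adds that elsewhere. Separately, `helm.toolkit.fluxcd.io/v2beta1` is a deprecated API version (`helm.toolkit.fluxcd.io/v2` where the installed Flux supports it), and `version: "19.1.1"` is safer quoted.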
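Review bot: In templates/image-server/pvc/image-storage.yaml the annotation `helm.sh/resource-policy: keep` is honoured only by Helm, but this claim is applied by the Flux Kustomization in ks-pvc.yaml, which sets `prune: true`. Removing or renaming the manifest would therefore delete the 120Gi claim and the images on it. If the intent is to keep the data, annotate it with `kustomize.toolkit.fluxcd.io/prune: disabled` instead. The manifest also carries no `metadata.namespace` and relies on `targetNamespace` in ks-pvc.yaml, which deserves a comment at the top of the file, e.g. `# namespace comes from targetNamespace in templates/image-server/ks-pvc.yaml`.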
@@ -0,0 +1,14 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ name: nginx
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ to:
+ kind: Service
+ name: nginx
+ port:
+ targetPort: 8080
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Allow
\ No newline at end of file
diff --git a/templates/windowsserver/flavor/small.yaml b/templates/windowsserver/flavor/small.yaml
new file mode 100644
index 0000000..cb90c4b
--- /dev/null
+++ b/templates/windowsserver/flavor/small.yaml
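Review bot: In templates/image-server/route/http.yaml `insecureEdgeTerminationPolicy: Allow` leaves plain HTTP open beside the edge-terminated TLS endpoint, so VM images can be fetched over a channel with no encryption or integrity protection. The DataVolume in templates/windowsserver/flavor/small.yaml does exactly that with its `http://` URL. Set `insecureEdgeTerminationPolicy: Redirect` (or `None`) and move the consumer to `https://` in the same change. The values in nginx/helmrelease.yaml also enable the chart's own ingress for this service, so it is worth confirming that two exposure paths are intended.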
@@ -0,0 +1,95 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+ name: windows-server-2022-small
+ namespace: '${TENANT_NAMESPACE}'
+ labels:
+ template.kubevirt.io/type: 'vm'
+ os.template.kubevirt.io/win2k22: 'true'
+ workload.template.kubevirt.io/server: 'true'
+ annotations:
+ name.os.template.kubevirt.io/win2k22: Windows Server 2022
+ description: Windows Server 2022 VM template (Small)
+ openshift.io/display-name: Windows Server 2022
+ iconClass: icon-windows
+objects:
+ - apiVersion: kubevirt.io/v1
+ kind: VirtualMachine
+ metadata:
+ name: windows-server-demo
+ annotations:
+ description: Windows Server 2022 VM Demo
+ labels:
+ app: windows-server-demo
+ vm.kubevirt.io/template: 'windows-server-2022-template'
+ os.template.kubevirt.io/win2k22: 'true'
+ spec:
+ running: false
+ template:
+ metadata:
+ annotations:
+ vm.kubevirt.io/flavor: small
+ vm.kubevirt.io/os: win2k22
+ vm.kubevirt.io/workload: server
+ labels:
+ kubevirt.io/domain: windows-server-demo
+ kubevirt.io/size: small
+ spec:
+ domain:
+ cpu:
+ cores: 2
+ sockets: 1
+ threads: 1
+ devices:
+ disks:
+ - disk:
+ bus: virtio
+ name: rootdisk
+ interfaces:
+ - masquerade: {}
+ model: virtio
+ name: default
+ networkInterfaceMultiqueue: true
+ rng: {}
+ features:
+ acpi: {}
+ smm:
+ enabled: true
+ firmware:
+ bootloader:
+ efi: {}
+ memory:
+ guest: 4Gi
+ hostname: windows-server-demo
+ networks:
+ - name: default
+ pod: {}
+ terminationGracePeriodSeconds: 180
+ volumes:
+ - name: rootdisk
+ dataVolume:
+ name: windows-server-datavolume-small
+ - apiVersion: cdi.kubevirt.io/v1beta1
+ kind: DataVolume
+ metadata:
+ name: windows-server-datavolume-small
+ namespace: '${TENANT_NAMESPACE}'
+ spec:
+ source:
+ http:
+ url: http://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2
+ pvc:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: '${PVC_SIZE}'
+parameters:
+ #- name: IMAGE_URL
+ # description: Public or internal HTTP(S) URL to a sysprepped Windows .qcow2 image
+ # required: true
+ # value: https://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2
+ - name: PVC_SIZE
+ description: Size of the root disk PVC
+ required: true
+ value: 120Gi
diff --git a/templates/windowsserver/ks-flavor.yaml b/templates/windowsserver/ks-flavor.yaml
new file mode 100644
index 0000000..97e0d27
--- /dev/null
+++ b/templates/windowsserver/ks-flavor.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app flavor
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./templates/windowsserver/flavor
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/ubuntu-vm-3/ks.yaml b/ubuntu-vm-3/ks.yaml
new file mode 100644
index 0000000..12912dc
--- /dev/null
+++ b/ubuntu-vm-3/ks.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app ubuntu-vm-3
+ namespace: ${TENANT_NAMESPACE}
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./ubuntu-vm-3/ubuntu
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: tenant-repos
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml
new file mode 100644
index 0000000..27029e6
--- /dev/null
+++ b/ubuntu-vm-3/ubuntu/ubuntu-vm.yaml
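Review bot: The DataVolume in templates/windowsserver/flavor/small.yaml imports the boot disk from `url: http://nginx.demo.pub.ai-2.kvant.cloud.apps.ai-2.kvant.cloud/win2022.qcow2`, which is plain HTTP with no integrity check. Anything on the network path can substitute the image that every VM created from this template boots. Use the `https://` form that the commented-out `IMAGE_URL` parameter already shows (with `certConfigMap` under `source.http` if the route is signed by a private CA). Restoring that parameter would also be better than hard-coding one tenant's host. Also confirm that `'${PVC_SIZE}'` survives: if Flux post-build substitution processes this file to fill in `${TENANT_NAMESPACE}`, it will try to replace `${PVC_SIZE}` as well before OpenShift sees the template, and the Flux escape for a literal is `$${PVC_SIZE}`.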
@@ -0,0 +1,48 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ name: ubuntu-vm-3
+ namespace: demo
+spec:
+ running: true
+ template:
+ metadata:
+ labels:
+ kubevirt.io/domain: ubuntu-vm-3
+ spec:
+ domain:
+ cpu:
+ cores: 1
+ devices:
+ disks:
+ - disk:
+ bus: virtio
+ name: containerdisk
+ - disk:
+ bus: virtio
+ name: cloudinitdisk
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 1
+ memory:
+ guest: 2Gi
+ volumes:
+ - name: containerdisk
+ containerDisk:
+ image: quay.io/containerdisks/ubuntu:24.04
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ hostname: ubuntu-vm-3
+ ssh_pwauth: True
+ users:
+ - name: ubuntu
+ ssh-authorized-keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPqlhZW/pPLK8zENt3o6tgl0QVinhGAF1sHvajqq3UvI ubuntu
+ sudo: ['ALL=(ALL) NOPASSWD:ALL']
+ shell: /bin/bash
\ No newline at end of file
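Review bot: The cloud-init `userData` in ubuntu-vm-3/ubuntu/ubuntu-vm.yaml sets `ssh_pwauth: True` although the only credential it provisions is an SSH key. That enables password logins for no visible reason on an account that also gets `NOPASSWD:ALL` sudo; set `ssh_pwauth: false`. `namespace: demo` is hard-coded while the other manifests in this commit use `${TENANT_NAMESPACE}`, and ubuntu-vm-3/ks.yaml sets no `targetNamespace`, so the VM is created in `demo` regardless of which tenant reconciles it. `image: quay.io/containerdisks/ubuntu:24.04` is a moving tag; pinning it by digest keeps the boot disk reproducible.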