diff --git a/.asf.yaml b/.asf.yaml
index 857324b27e2c..a19e3a60a2ba 100644
--- a/.asf.yaml
+++ b/.asf.yaml
@@ -54,7 +54,6 @@ github:
     - erikbocks
     - Imvedansh
     - Damans227
-    - DaanHoogland
 
   protected_branches: ~
 
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 2af9f54edc44..a0602871ef1e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -20,3 +20,5 @@
 
 .pre-commit-config.yaml @jbampton
 /.github/linters/ @jbampton
+
+/plugins/network-elements/nsx/ @Pearl1594 @nvazquez
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4edd448067ae..6957d3f54464 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -146,6 +146,7 @@ jobs:
                   smoke/test_vm_snapshot_kvm
                   smoke/test_vm_snapshots
                   smoke/test_volumes
+                  smoke/test_vpc_conserve_mode
                   smoke/test_vpc_ipv6
                   smoke/test_vpc_redundant
                   smoke/test_vpc_router_nics
diff --git a/api/src/main/java/com/cloud/configuration/ConfigurationService.java b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
index 438283136d2c..729f72b23ca2 100644
--- a/api/src/main/java/com/cloud/configuration/ConfigurationService.java
+++ b/api/src/main/java/com/cloud/configuration/ConfigurationService.java
@@ -24,15 +24,18 @@
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.admin.config.ResetCfgCmd;
 import org.apache.cloudstack.api.command.admin.config.UpdateCfgCmd;
+import org.apache.cloudstack.api.command.admin.network.CloneNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateManagementNetworkIpRangeCmd;
-import org.apache.cloudstack.api.command.admin.network.CreateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteManagementNetworkIpRangeCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.ListGuestNetworkIpv6PrefixesCmd;
+import org.apache.cloudstack.api.command.admin.network.NetworkOfferingBaseCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdatePodManagementNetworkIpRangeCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneDiskOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
@@ -105,6 +108,33 @@ public interface ConfigurationService {
      */
     ServiceOffering createServiceOffering(CreateServiceOfferingCmd cmd);
 
+    /**
+     * Clones a service offering with optional parameter overrides
+     *
+     * @param cmd
+     *            the command object that specifies the source offering ID and optional parameter overrides
+     * @return the newly created service offering cloned from source, null otherwise
+     */
+    ServiceOffering cloneServiceOffering(CloneServiceOfferingCmd cmd);
+
+    /**
+     * Clones a disk offering with optional parameter overrides
+     *
+     * @param cmd
+     *            the command object that specifies the source offering ID and optional parameter overrides
+     * @return the newly created disk offering cloned from source, null otherwise
+     */
+    DiskOffering cloneDiskOffering(CloneDiskOfferingCmd cmd);
+
+    /**
+     * Clones a network offering with optional parameter overrides
+     *
+     * @param cmd
+     *            the command object that specifies the source offering ID and optional parameter overrides
+     * @return the newly created network offering cloned from source, null otherwise
+     */
+    NetworkOffering cloneNetworkOffering(CloneNetworkOfferingCmd cmd);
+
     /**
      * Updates a service offering
      *
@@ -282,7 +312,7 @@ Vlan updateVlanAndPublicIpRange(UpdateVlanIpRangeCmd cmd) throws ConcurrentOpera
 
     boolean releasePublicIpRange(ReleasePublicIpRangeCmd cmd);
 
-    NetworkOffering createNetworkOffering(CreateNetworkOfferingCmd cmd);
+    NetworkOffering createNetworkOffering(NetworkOfferingBaseCmd cmd);
 
     NetworkOffering updateNetworkOffering(UpdateNetworkOfferingCmd cmd);
 
diff --git a/api/src/main/java/com/cloud/event/EventTypes.java b/api/src/main/java/com/cloud/event/EventTypes.java
index 6524d9de15e0..42395bf89992 100644
--- a/api/src/main/java/com/cloud/event/EventTypes.java
+++ b/api/src/main/java/com/cloud/event/EventTypes.java
@@ -375,11 +375,13 @@ public class EventTypes {
 
     // Service Offerings
     public static final String EVENT_SERVICE_OFFERING_CREATE = "SERVICE.OFFERING.CREATE";
+    public static final String EVENT_SERVICE_OFFERING_CLONE = "SERVICE.OFFERING.CLONE";
     public static final String EVENT_SERVICE_OFFERING_EDIT = "SERVICE.OFFERING.EDIT";
     public static final String EVENT_SERVICE_OFFERING_DELETE = "SERVICE.OFFERING.DELETE";
 
     // Disk Offerings
     public static final String EVENT_DISK_OFFERING_CREATE = "DISK.OFFERING.CREATE";
+    public static final String EVENT_DISK_OFFERING_CLONE = "DISK.OFFERING.CLONE";
     public static final String EVENT_DISK_OFFERING_EDIT = "DISK.OFFERING.EDIT";
     public static final String EVENT_DISK_OFFERING_DELETE = "DISK.OFFERING.DELETE";
 
@@ -400,6 +402,7 @@ public class EventTypes {
 
     // Network offerings
     public static final String EVENT_NETWORK_OFFERING_CREATE = "NETWORK.OFFERING.CREATE";
+    public static final String EVENT_NETWORK_OFFERING_CLONE = "NETWORK.OFFERING.CLONE";
     public static final String EVENT_NETWORK_OFFERING_ASSIGN = "NETWORK.OFFERING.ASSIGN";
     public static final String EVENT_NETWORK_OFFERING_EDIT = "NETWORK.OFFERING.EDIT";
     public static final String EVENT_NETWORK_OFFERING_REMOVE = "NETWORK.OFFERING.REMOVE";
@@ -599,6 +602,7 @@ public class EventTypes {
 
     // VPC offerings
     public static final String EVENT_VPC_OFFERING_CREATE = "VPC.OFFERING.CREATE";
+    public static final String EVENT_VPC_OFFERING_CLONE = "VPC.OFFERING.CLONE";
     public static final String EVENT_VPC_OFFERING_UPDATE = "VPC.OFFERING.UPDATE";
     public static final String EVENT_VPC_OFFERING_DELETE = "VPC.OFFERING.DELETE";
 
@@ -631,6 +635,7 @@ public class EventTypes {
 
     // Backup and Recovery events
     public static final String EVENT_VM_BACKUP_IMPORT_OFFERING = "BACKUP.IMPORT.OFFERING";
+    public static final String EVENT_VM_BACKUP_OFFERING_CLONE = "BACKUP.OFFERING.CLONE";
     public static final String EVENT_VM_BACKUP_OFFERING_ASSIGN = "BACKUP.OFFERING.ASSIGN";
     public static final String EVENT_VM_BACKUP_OFFERING_REMOVE = "BACKUP.OFFERING.REMOVE";
     public static final String EVENT_VM_BACKUP_CREATE = "BACKUP.CREATE";
@@ -1046,11 +1051,13 @@ public class EventTypes {
 
         // Service Offerings
         entityEventDetails.put(EVENT_SERVICE_OFFERING_CREATE, ServiceOffering.class);
+        entityEventDetails.put(EVENT_SERVICE_OFFERING_CLONE, ServiceOffering.class);
         entityEventDetails.put(EVENT_SERVICE_OFFERING_EDIT, ServiceOffering.class);
         entityEventDetails.put(EVENT_SERVICE_OFFERING_DELETE, ServiceOffering.class);
 
         // Disk Offerings
         entityEventDetails.put(EVENT_DISK_OFFERING_CREATE, DiskOffering.class);
+        entityEventDetails.put(EVENT_DISK_OFFERING_CLONE, DiskOffering.class);
         entityEventDetails.put(EVENT_DISK_OFFERING_EDIT, DiskOffering.class);
         entityEventDetails.put(EVENT_DISK_OFFERING_DELETE, DiskOffering.class);
 
@@ -1071,6 +1078,7 @@ public class EventTypes {
 
         // Network offerings
         entityEventDetails.put(EVENT_NETWORK_OFFERING_CREATE, NetworkOffering.class);
+        entityEventDetails.put(EVENT_NETWORK_OFFERING_CLONE, NetworkOffering.class);
         entityEventDetails.put(EVENT_NETWORK_OFFERING_ASSIGN, NetworkOffering.class);
         entityEventDetails.put(EVENT_NETWORK_OFFERING_EDIT, NetworkOffering.class);
         entityEventDetails.put(EVENT_NETWORK_OFFERING_REMOVE, NetworkOffering.class);
diff --git a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
index ce905b293ff3..80f6a6045c72 100644
--- a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java
@@ -98,7 +98,7 @@ enum State {
             s_fsm.addTransition(State.Running, Event.ScaleDownRequested, State.Scaling);
             s_fsm.addTransition(State.Stopped, Event.ScaleUpRequested, State.ScalingStoppedCluster);
             s_fsm.addTransition(State.Scaling, Event.OperationSucceeded, State.Running);
-            s_fsm.addTransition(State.Scaling, Event.OperationFailed, State.Alert);
+            s_fsm.addTransition(State.Scaling, Event.OperationFailed, State.Running);
             s_fsm.addTransition(State.ScalingStoppedCluster, Event.OperationSucceeded, State.Stopped);
             s_fsm.addTransition(State.ScalingStoppedCluster, Event.OperationFailed, State.Alert);
 
diff --git a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelper.java b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelper.java
index 37b8907b454a..5a6eaa3f7b9a 100644
--- a/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelper.java
+++ b/api/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelper.java
@@ -18,6 +18,7 @@
 
 import org.apache.cloudstack.acl.ControlledEntity;
 
+import java.util.List;
 import java.util.Map;
 
 import com.cloud.user.Account;
@@ -33,8 +34,10 @@ enum KubernetesClusterNodeType {
     ControlledEntity findByUuid(String uuid);
     ControlledEntity findByVmId(long vmId);
     void checkVmCanBeDestroyed(UserVm userVm);
+    void checkVmAffinityGroupsCanBeUpdated(UserVm userVm);
     boolean isValidNodeType(String nodeType);
     Map<String, Long> getServiceOfferingNodeTypeMap(Map<String, Map<String, String>> serviceOfferingNodeTypeMap);
     Map<String, Long> getTemplateNodeTypeMap(Map<String, Map<String, String>> templateNodeTypeMap);
+    Map<String, List<Long>> getAffinityGroupNodeTypeMap(Map<String, Map<String, String>> affinityGroupNodeTypeMap);
     void cleanupForAccount(Account account);
 }
diff --git a/api/src/main/java/com/cloud/network/NetworkService.java b/api/src/main/java/com/cloud/network/NetworkService.java
index 742206c7e3bf..53692f932a4e 100644
--- a/api/src/main/java/com/cloud/network/NetworkService.java
+++ b/api/src/main/java/com/cloud/network/NetworkService.java
@@ -279,4 +279,6 @@ Network createPrivateNetwork(String networkName, String displayText, long physic
     IpAddresses getIpAddressesFromIps(String ipAddress, String ip6Address, String macAddress);
 
     String getNicVlanValueForExternalVm(NicTO nic);
+
+    Long getPreferredNetworkIdForPublicIpRuleAssignment(IpAddress ip, Long networkId);
 }
diff --git a/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java b/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
index 0bf06be15d87..b7fe3b26761c 100644
--- a/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
+++ b/api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java
@@ -108,7 +108,7 @@ LoadBalancer createPublicLoadBalancerRule(String xId, String name, String descri
     /**
      * Assign a virtual machine or list of virtual machines, or Map of <vmId vmIp> to a load balancer.
      */
-    boolean assignToLoadBalancer(long lbRuleId, List<Long> vmIds, Map<Long, List<String>> vmIdIpMap, boolean isAutoScaleVM);
+    boolean assignToLoadBalancer(long lbRuleId, List<Long> vmIds, Map<Long, List<String>> vmIdIpMap, Map<Long, Long> vmIdNetworkMap, boolean isAutoScaleVM);
 
     boolean assignSSLCertToLoadBalancerRule(Long lbRuleId, String certName, String publicCert, String privateKey);
 
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
index 17f49bb36521..f84602232159 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
@@ -84,4 +84,6 @@ public enum State {
     NetworkOffering.RoutingMode getRoutingMode();
 
     Boolean isSpecifyAsNumber();
+
+    boolean isConserveMode();
 }
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcProvisioningService.java b/api/src/main/java/com/cloud/network/vpc/VpcProvisioningService.java
index 97b95339ecf3..891cfb02d9df 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcProvisioningService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcProvisioningService.java
@@ -20,6 +20,7 @@
 import java.util.List;
 import java.util.Map;
 
+import org.apache.cloudstack.api.command.admin.vpc.CloneVPCOfferingCmd;
 import org.apache.cloudstack.api.command.admin.vpc.CreateVPCOfferingCmd;
 import org.apache.cloudstack.api.command.admin.vpc.UpdateVPCOfferingCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListVPCOfferingsCmd;
@@ -34,12 +35,14 @@ public interface VpcProvisioningService {
 
     VpcOffering createVpcOffering(CreateVPCOfferingCmd cmd);
 
+    VpcOffering cloneVPCOffering(CloneVPCOfferingCmd cmd);
+
     VpcOffering createVpcOffering(String name, String displayText, List<String> supportedServices,
                                   Map<String, List<String>> serviceProviders,
                                   Map serviceCapabilitystList, NetUtils.InternetProtocol internetProtocol,
                                   Long serviceOfferingId, String externalProvider, NetworkOffering.NetworkMode networkMode,
                                   List<Long> domainIds, List<Long> zoneIds, VpcOffering.State state,
-                                  NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber);
+                                  NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber, boolean conserveMode);
 
 
     Pair<List<? extends VpcOffering>,Integer> listVpcOfferings(ListVPCOfferingsCmd cmd);
diff --git a/api/src/main/java/com/cloud/vm/VmDetailConstants.java b/api/src/main/java/com/cloud/vm/VmDetailConstants.java
index db7665724973..9e56bf4f17b2 100644
--- a/api/src/main/java/com/cloud/vm/VmDetailConstants.java
+++ b/api/src/main/java/com/cloud/vm/VmDetailConstants.java
@@ -96,6 +96,7 @@ public interface VmDetailConstants {
     String CKS_NODE_TYPE = "node";
     String OFFERING = "offering";
     String TEMPLATE = "template";
+    String AFFINITY_GROUP = "affinitygroup";
 
     // VMware to KVM VM migrations specific
     String VMWARE_TO_KVM_PREFIX = "vmware-to-kvm";
diff --git a/api/src/main/java/org/apache/cloudstack/affinity/AffinityGroupService.java b/api/src/main/java/org/apache/cloudstack/affinity/AffinityGroupService.java
index 018e5f5bab5a..03992c0c1c7c 100644
--- a/api/src/main/java/org/apache/cloudstack/affinity/AffinityGroupService.java
+++ b/api/src/main/java/org/apache/cloudstack/affinity/AffinityGroupService.java
@@ -66,5 +66,4 @@ public interface AffinityGroupService {
 
     boolean isAffinityGroupAvailableInDomain(long affinityGroupId, long domainId);
 
-
 }
diff --git a/api/src/main/java/org/apache/cloudstack/affinity/AffinityProcessorBase.java b/api/src/main/java/org/apache/cloudstack/affinity/AffinityProcessorBase.java
index 9995d8039e1f..96ca35f264ca 100644
--- a/api/src/main/java/org/apache/cloudstack/affinity/AffinityProcessorBase.java
+++ b/api/src/main/java/org/apache/cloudstack/affinity/AffinityProcessorBase.java
@@ -29,6 +29,9 @@
 
 public class AffinityProcessorBase extends AdapterBase implements AffinityGroupProcessor {
 
+    public static final String AFFINITY_TYPE_HOST = "host affinity";
+    public static final String AFFINITY_TYPE_HOST_ANTI = "host anti-affinity";
+
     protected String _type;
 
     @Override
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 25ba233cf80e..3d827641358b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -559,6 +559,7 @@ public class ApiConstants {
     public static final String USE_STORAGE_REPLICATION = "usestoragereplication";
 
     public static final String SOURCE_CIDR_LIST = "sourcecidrlist";
+    public static final String SOURCE_OFFERING_ID = "sourceofferingid";
     public static final String SOURCE_ZONE_ID = "sourcezoneid";
     public static final String SSL_VERIFICATION = "sslverification";
     public static final String START_ASN = "startasn";
@@ -986,6 +987,7 @@ public class ApiConstants {
     public static final String REGION_ID = "regionid";
     public static final String VPC_OFF_ID = "vpcofferingid";
     public static final String VPC_OFF_NAME = "vpcofferingname";
+    public static final String VPC_OFFERING_CONSERVE_MODE = "vpcofferingconservemode";
     public static final String NETWORK = "network";
     public static final String VPC_ID = "vpcid";
     public static final String VPC_NAME = "vpcname";
@@ -1244,6 +1246,13 @@ public class ApiConstants {
     public static final String MAX_SIZE = "maxsize";
     public static final String NODE_TYPE_OFFERING_MAP = "nodeofferings";
     public static final String NODE_TYPE_TEMPLATE_MAP = "nodetemplates";
+    public static final String NODE_TYPE_AFFINITY_GROUP_MAP = "nodeaffinitygroups";
+    public static final String CONTROL_AFFINITY_GROUP_IDS = "controlaffinitygroupids";
+    public static final String CONTROL_AFFINITY_GROUP_NAMES = "controlaffinitygroupnames";
+    public static final String WORKER_AFFINITY_GROUP_IDS = "workeraffinitygroupids";
+    public static final String WORKER_AFFINITY_GROUP_NAMES = "workeraffinitygroupnames";
+    public static final String ETCD_AFFINITY_GROUP_IDS = "etcdaffinitygroupids";
+    public static final String ETCD_AFFINITY_GROUP_NAMES = "etcdaffinitygroupnames";
 
     public static final String BOOT_TYPE = "boottype";
     public static final String BOOT_MODE = "bootmode";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmd.java
new file mode 100644
index 000000000000..500a77f3d4fc
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmd.java
@@ -0,0 +1,166 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.backup;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseAsyncCmd;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.offering.DomainAndZoneIdResolver;
+import org.apache.cloudstack.api.response.BackupOfferingResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.cloudstack.backup.BackupManager;
+import org.apache.cloudstack.backup.BackupOffering;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.event.EventTypes;
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.function.LongFunction;
+
+@APICommand(name = "cloneBackupOffering",
+        description = "Clones a backup offering from an existing offering",
+        responseObject = BackupOfferingResponse.class, since = "4.23.0",
+        authorized = {RoleType.Admin})
+public class CloneBackupOfferingCmd extends BaseAsyncCmd implements DomainAndZoneIdResolver {
+
+    @Inject
+    protected BackupManager backupManager;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    ////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.SOURCE_OFFERING_ID, type = BaseCmd.CommandType.UUID, entityType = BackupOfferingResponse.class,
+            required = true, description = "The ID of the source backup offering to clone from")
+    private Long sourceOfferingId;
+
+    @Parameter(name = ApiConstants.NAME, type = BaseCmd.CommandType.STRING, required = true,
+            description = "The name of the cloned offering")
+    private String name;
+
+    @Parameter(name = ApiConstants.DESCRIPTION, type = BaseCmd.CommandType.STRING, required = false,
+            description = "The description of the cloned offering")
+    private String description;
+
+    @Parameter(name = ApiConstants.EXTERNAL_ID, type = BaseCmd.CommandType.STRING, required = false,
+            description = "The backup offering ID (from backup provider side)")
+    private String externalId;
+
+    @Parameter(name = ApiConstants.ZONE_ID, type = BaseCmd.CommandType.UUID, entityType = ZoneResponse.class,
+            description = "The zone ID", required = false)
+    private Long zoneId;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID,
+            type = CommandType.STRING,
+            description = "the ID of the containing domain(s) as comma separated string, public for public offerings",
+            length = 4096)
+    private String domainIds;
+
+    @Parameter(name = ApiConstants.ALLOW_USER_DRIVEN_BACKUPS, type = BaseCmd.CommandType.BOOLEAN,
+            description = "Whether users are allowed to create adhoc backups and backup schedules", required = false)
+    private Boolean userDrivenBackups;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getSourceOfferingId() {
+        return sourceOfferingId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public String getExternalId() {
+        return externalId;
+    }
+
+    public Long getZoneId() {
+        return zoneId;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public Boolean getUserDrivenBackups() {
+        return userDrivenBackups;
+    }
+
+    public List<Long> getDomainIds() {
+        if (domainIds != null && !domainIds.isEmpty()) {
+            return Arrays.asList(Arrays.stream(domainIds.split(",")).map(domainId -> Long.parseLong(domainId.trim())).toArray(Long[]::new));
+        }
+        LongFunction<List<Long>> defaultDomainsProvider = null;
+        if (backupManager != null) {
+            defaultDomainsProvider = backupManager::getBackupOfferingDomains;
+        }
+        return resolveDomainIds(domainIds, sourceOfferingId, defaultDomainsProvider, "backup offering");
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        try {
+            BackupOffering policy = backupManager.cloneBackupOffering(this);
+            if (policy == null) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to clone backup offering");
+            }
+            BackupOfferingResponse response = _responseGenerator.createBackupOfferingResponse(policy);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (InvalidParameterValueException e) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, e.getMessage());
+        } catch (CloudRuntimeException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    @Override
+    public String getEventType() {
+        return EventTypes.EVENT_VM_BACKUP_OFFERING_CLONE;
+    }
+
+    @Override
+    public String getEventDescription() {
+        return "Cloning backup offering: " + name + " from source offering: " + (sourceOfferingId == null ? "" : sourceOfferingId.toString());
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/ImportBackupOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/ImportBackupOfferingCmd.java
index f852f7e25776..4cf27c561508 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/ImportBackupOfferingCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/backup/ImportBackupOfferingCmd.java
@@ -54,7 +54,7 @@
 public class ImportBackupOfferingCmd extends BaseAsyncCmd {
 
     @Inject
-    private BackupManager backupManager;
+    protected BackupManager backupManager;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -86,7 +86,8 @@ public class ImportBackupOfferingCmd extends BaseAsyncCmd {
             type = CommandType.LIST,
             collectionType = CommandType.UUID,
             entityType = DomainResponse.class,
-            description = "the ID of the containing domain(s), null for public offerings")
+            description = "the ID of the containing domain(s), null for public offerings",
+            since = "4.23.0")
     private List<Long> domainIds;
 
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmd.java
new file mode 100644
index 000000000000..19760ffaaa10
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmd.java
@@ -0,0 +1,113 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.network;
+
+import java.util.List;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.NetworkOfferingResponse;
+
+import com.cloud.offering.NetworkOffering;
+
+@APICommand(name = "cloneNetworkOffering",
+        description = "Clones a network offering. All parameters are copied from the source offering unless explicitly overridden. " +
+                "Use 'addServices' and 'dropServices' to modify the service list without respecifying everything.",
+        responseObject = NetworkOfferingResponse.class,
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = false,
+        since = "4.23.0")
+public class CloneNetworkOfferingCmd extends NetworkOfferingBaseCmd {
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.SOURCE_OFFERING_ID,
+            type = BaseCmd.CommandType.UUID,
+            entityType = NetworkOfferingResponse.class,
+            required = true,
+            description = "The ID of the source network offering to clone from")
+    private Long sourceOfferingId;
+
+    @Parameter(name = "addservices",
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = "Services to add to the cloned offering (in addition to source offering services). " +
+                    "If specified along with 'supportedservices', this parameter is ignored.")
+    private List<String> addServices;
+
+    @Parameter(name = "dropservices",
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = "Services to remove from the cloned offering (that exist in source offering). " +
+                    "If specified along with 'supportedservices', this parameter is ignored.")
+    private List<String> dropServices;
+
+    @Parameter(name = ApiConstants.TRAFFIC_TYPE,
+            type = CommandType.STRING,
+            description = "The traffic type for the network offering. Supported type in current release is GUEST only")
+    private String traffictype;
+
+    @Parameter(name = ApiConstants.GUEST_IP_TYPE, type = CommandType.STRING, description = "Guest type of the network offering: Shared or Isolated")
+    private String guestIptype;
+
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getSourceOfferingId() {
+        return sourceOfferingId;
+    }
+
+    public List<String> getAddServices() {
+        return addServices;
+    }
+
+    public List<String> getDropServices() {
+        return dropServices;
+    }
+
+    public String getGuestIpType() {
+        return guestIptype;
+    }
+
+    public String getTraffictype() {
+        return traffictype;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        NetworkOffering result = _configService.cloneNetworkOffering(this);
+        if (result != null) {
+            NetworkOfferingResponse response = _responseGenerator.createNetworkOfferingResponse(result);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to clone network offering");
+        }
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
index a0559f57dab0..5c39060f9fa3 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkOfferingCmd.java
@@ -16,505 +16,47 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.network;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-
-import com.cloud.network.Network;
-import com.cloud.network.VirtualRouterProvider;
-import org.apache.cloudstack.api.response.DomainResponse;
-import org.apache.cloudstack.api.response.ZoneResponse;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.StringUtils;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
-import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.Parameter;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.NetworkOfferingResponse;
-import org.apache.cloudstack.api.response.ServiceOfferingResponse;
 
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.network.Network.Capability;
-import com.cloud.network.Network.Service;
 import com.cloud.offering.NetworkOffering;
-import com.cloud.offering.NetworkOffering.Availability;
-import com.cloud.user.Account;
-
-import static com.cloud.network.Network.Service.Dhcp;
-import static com.cloud.network.Network.Service.Dns;
-import static com.cloud.network.Network.Service.Lb;
-import static com.cloud.network.Network.Service.StaticNat;
-import static com.cloud.network.Network.Service.SourceNat;
-import static com.cloud.network.Network.Service.PortForwarding;
-import static com.cloud.network.Network.Service.NetworkACL;
-import static com.cloud.network.Network.Service.UserData;
-import static com.cloud.network.Network.Service.Firewall;
-
-import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisNatted;
-import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisRouted;
-import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNsxWithoutLb;
 
 @APICommand(name = "createNetworkOffering", description = "Creates a network offering.", responseObject = NetworkOfferingResponse.class, since = "3.0.0",
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
-public class CreateNetworkOfferingCmd extends BaseCmd {
+public class CreateNetworkOfferingCmd extends NetworkOfferingBaseCmd {
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
 
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "The name of the network offering")
-    private String networkOfferingName;
-
-    @Parameter(name = ApiConstants.DISPLAY_TEXT, type = CommandType.STRING, description = "The display text of the network offering, defaults to the value of 'name'.")
-    private String displayText;
-
     @Parameter(name = ApiConstants.TRAFFIC_TYPE,
             type = CommandType.STRING,
             required = true,
             description = "The traffic type for the network offering. Supported type in current release is GUEST only")
     private String traffictype;
 
-    @Parameter(name = ApiConstants.TAGS, type = CommandType.STRING, description = "The tags for the network offering.", length = 4096)
-    private String tags;
-
-    @Parameter(name = ApiConstants.SPECIFY_VLAN, type = CommandType.BOOLEAN, description = "True if network offering supports VLANs")
-    private Boolean specifyVlan;
-
-    @Parameter(name = ApiConstants.AVAILABILITY, type = CommandType.STRING, description = "The availability of network offering. The default value is Optional. "
-            + " Another value is Required, which will make it as the default network offering for new networks ")
-    private String availability;
-
-    @Parameter(name = ApiConstants.NETWORKRATE, type = CommandType.INTEGER, description = "Data transfer rate in megabits per second allowed")
-    private Integer networkRate;
-
-    @Parameter(name = ApiConstants.CONSERVE_MODE, type = CommandType.BOOLEAN, description = "True if the network offering is IP conserve mode enabled")
-    private Boolean conserveMode;
-
-    @Parameter(name = ApiConstants.SERVICE_OFFERING_ID,
-            type = CommandType.UUID,
-            entityType = ServiceOfferingResponse.class,
-            description = "The service offering ID used by virtual router provider")
-    private Long serviceOfferingId;
-
     @Parameter(name = ApiConstants.GUEST_IP_TYPE, type = CommandType.STRING, required = true, description = "Guest type of the network offering: Shared or Isolated")
     private String guestIptype;
 
-    @Parameter(name = ApiConstants.INTERNET_PROTOCOL,
-            type = CommandType.STRING,
-            description = "The internet protocol of network offering. Options are IPv4 and dualstack. Default is IPv4. dualstack will create a network offering that supports both IPv4 and IPv6",
-            since = "4.17.0")
-    private String internetProtocol;
-
-    @Parameter(name = ApiConstants.SUPPORTED_SERVICES,
-            type = CommandType.LIST,
-            collectionType = CommandType.STRING,
-            description = "Services supported by the network offering")
-    private List<String> supportedServices;
-
-    @Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST,
-            type = CommandType.MAP,
-            description = "Provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network")
-    private Map serviceProviderList;
-
-    @Parameter(name = ApiConstants.SERVICE_CAPABILITY_LIST, type = CommandType.MAP, description = "Desired service capabilities as part of network offering")
-    private Map serviceCapabilitystList;
-
-    @Parameter(name = ApiConstants.SPECIFY_IP_RANGES,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering supports specifying ip ranges; defaulted to false if not specified")
-    private Boolean specifyIpRanges;
-
-    @Parameter(name = ApiConstants.IS_PERSISTENT,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering supports persistent networks; defaulted to false if not specified")
-    private Boolean isPersistent;
-
-    @Parameter(name = ApiConstants.FOR_VPC,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering is meant to be used for VPC, false otherwise.")
-    private Boolean forVpc;
-
-    @Deprecated
-    @Parameter(name = ApiConstants.FOR_NSX,
-            type = CommandType.BOOLEAN,
-            description = "true if network offering is meant to be used for NSX, false otherwise.",
-            since = "4.20.0")
-    private Boolean forNsx;
-
-    @Parameter(name = ApiConstants.PROVIDER,
-            type = CommandType.STRING,
-            description = "Name of the provider providing the service",
-            since = "4.21.0")
-    private String provider;
-
-    @Parameter(name = ApiConstants.NSX_SUPPORT_LB,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering for NSX network offering supports Load balancer service.",
-            since = "4.20.0")
-    private Boolean nsxSupportsLbService;
-
-    @Parameter(name = ApiConstants.NSX_SUPPORTS_INTERNAL_LB,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering for NSX network offering supports Internal Load balancer service.",
-            since = "4.20.0")
-    private Boolean nsxSupportsInternalLbService;
-
-    @Parameter(name = ApiConstants.NETWORK_MODE,
-            type = CommandType.STRING,
-            description = "Indicates the mode with which the network will operate. Valid option: NATTED or ROUTED",
-            since = "4.20.0")
-    private String networkMode;
-
-    @Parameter(name = ApiConstants.FOR_TUNGSTEN,
-            type = CommandType.BOOLEAN,
-            description = "True if network offering is meant to be used for Tungsten-Fabric, false otherwise.")
-    private Boolean forTungsten;
-
-    @Parameter(name = ApiConstants.DETAILS, type = CommandType.MAP, since = "4.2.0", description = "Network offering details in key/value pairs."
-            + " Supported keys are internallbprovider/publiclbprovider with service provider as a value, and"
-            + " promiscuousmode/macaddresschanges/forgedtransmits with true/false as value to accept/reject the security settings if available for a nic/portgroup")
-    protected Map details;
-
-    @Parameter(name = ApiConstants.EGRESS_DEFAULT_POLICY,
-            type = CommandType.BOOLEAN,
-            description = "True if guest network default egress policy is allow; false if default egress policy is deny")
-    private Boolean egressDefaultPolicy;
-
-    @Parameter(name = ApiConstants.KEEPALIVE_ENABLED,
-            type = CommandType.BOOLEAN,
-            required = false,
-            description = "If true keepalive will be turned on in the loadbalancer. At the time of writing this has only an effect on haproxy; the mode http and httpclose options are unset in the haproxy conf file.")
-    private Boolean keepAliveEnabled;
-
-    @Parameter(name = ApiConstants.MAX_CONNECTIONS,
-            type = CommandType.INTEGER,
-            description = "Maximum number of concurrent connections supported by the Network offering")
-    private Integer maxConnections;
-
-    @Parameter(name = ApiConstants.DOMAIN_ID,
-            type = CommandType.LIST,
-            collectionType = CommandType.UUID,
-            entityType = DomainResponse.class,
-            description = "The ID of the containing domain(s), null for public offerings")
-    private List<Long> domainIds;
-
-    @Parameter(name = ApiConstants.ZONE_ID,
-            type = CommandType.LIST,
-            collectionType = CommandType.UUID,
-            entityType = ZoneResponse.class,
-            description = "The ID of the containing zone(s), null for public offerings",
-            since = "4.13")
-    private List<Long> zoneIds;
-
-    @Parameter(name = ApiConstants.ENABLE,
-            type = CommandType.BOOLEAN,
-            description = "Set to true if the offering is to be enabled during creation. Default is false",
-            since = "4.16")
-    private Boolean enable;
-
-    @Parameter(name = ApiConstants.SPECIFY_AS_NUMBER, type = CommandType.BOOLEAN, since = "4.20.0",
-            description = "true if network offering supports choosing AS number")
-    private Boolean specifyAsNumber;
-
-    @Parameter(name = ApiConstants.ROUTING_MODE,
-            type = CommandType.STRING,
-            since = "4.20.0",
-            description = "the routing mode for the network offering. Supported types are: Static or Dynamic.")
-    private String routingMode;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
 
-    public String getNetworkOfferingName() {
-        return networkOfferingName;
-    }
-
-    public String getDisplayText() {
-        return StringUtils.isEmpty(displayText) ? networkOfferingName : displayText;
-    }
-
-    public String getTags() {
-        return tags;
-    }
-
     public String getTraffictype() {
         return traffictype;
     }
 
-    public Boolean getSpecifyVlan() {
-        return specifyVlan == null ? false : specifyVlan;
-    }
-
-    public String getAvailability() {
-        return availability == null ? Availability.Optional.toString() : availability;
-    }
-
-    public Integer getNetworkRate() {
-        return networkRate;
-    }
-
-    public Long getServiceOfferingId() {
-        return serviceOfferingId;
-    }
-
-    public boolean isExternalNetworkProvider() {
-        return Arrays.asList("NSX", "Netris").stream()
-                .anyMatch(s -> provider != null && s.equalsIgnoreCase(provider));
-    }
-
-    public boolean isForNsx() {
-        return provider != null && provider.equalsIgnoreCase("NSX");
-    }
-
-    public boolean isForNetris() {
-        return provider != null && provider.equalsIgnoreCase("Netris");
-    }
-
-    public String getProvider() {
-        return provider;
-    }
-
-    public List<String> getSupportedServices() {
-        if (!isExternalNetworkProvider()) {
-            return supportedServices == null ? new ArrayList<String>() : supportedServices;
-        } else {
-            List<String> services = new ArrayList<>(List.of(
-                    Dhcp.getName(),
-                    Dns.getName(),
-                    UserData.getName()
-            ));
-            if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode())) {
-                services.addAll(Arrays.asList(
-                        StaticNat.getName(),
-                        SourceNat.getName(),
-                        PortForwarding.getName()));
-            }
-            if (getNsxSupportsLbService() || (provider != null && isNetrisNatted(getProvider(), getNetworkMode()))) {
-                services.add(Lb.getName());
-            }
-            if (Boolean.TRUE.equals(forVpc)) {
-                services.add(NetworkACL.getName());
-            } else {
-                services.add(Firewall.getName());
-            }
-            return services;
-        }
-    }
-
     public String getGuestIpType() {
         return guestIptype;
     }
 
-    public String getInternetProtocol() {
-        return internetProtocol;
-    }
-
-    public Boolean getSpecifyIpRanges() {
-        return specifyIpRanges == null ? false : specifyIpRanges;
-    }
-
-    public Boolean getConserveMode() {
-        if (conserveMode == null) {
-            return true;
-        }
-        return conserveMode;
-    }
-
-    public Boolean getIsPersistent() {
-        return isPersistent == null ? false : isPersistent;
-    }
-
-    public Boolean getForVpc() {
-        return forVpc;
-    }
-
-    public String getNetworkMode() {
-        return networkMode;
-    }
-
-    public boolean getNsxSupportsLbService() {
-        return BooleanUtils.isTrue(nsxSupportsLbService);
-    }
-
-    public boolean getNsxSupportsInternalLbService() {
-        return BooleanUtils.isTrue(nsxSupportsInternalLbService);
-    }
-
-    public Boolean getForTungsten() {
-        return forTungsten;
-    }
-
-    public Boolean getEgressDefaultPolicy() {
-        if (egressDefaultPolicy == null) {
-            return true;
-        }
-        return egressDefaultPolicy;
-    }
-
-    public Boolean getKeepAliveEnabled() {
-        return keepAliveEnabled;
-    }
-
-    public Integer getMaxconnections() {
-        return maxConnections;
-    }
-
-    public Map<String, List<String>> getServiceProviders() {
-        Map<String, List<String>> serviceProviderMap = new HashMap<>();
-        if (serviceProviderList != null && !serviceProviderList.isEmpty() && !isExternalNetworkProvider()) {
-            Collection servicesCollection = serviceProviderList.values();
-            Iterator iter = servicesCollection.iterator();
-            while (iter.hasNext()) {
-                HashMap<String, String> services = (HashMap<String, String>) iter.next();
-                String service = services.get("service");
-                String provider = services.get("provider");
-                List<String> providerList = null;
-                if (serviceProviderMap.containsKey(service)) {
-                    providerList = serviceProviderMap.get(service);
-                } else {
-                    providerList = new ArrayList<String>();
-                }
-                providerList.add(provider);
-                serviceProviderMap.put(service, providerList);
-            }
-        } else if (isExternalNetworkProvider()) {
-            getServiceProviderMapForExternalProvider(serviceProviderMap, Network.Provider.getProvider(provider).getName());
-        }
-        return serviceProviderMap;
-    }
-
-    private void getServiceProviderMapForExternalProvider(Map<String, List<String>> serviceProviderMap, String provider) {
-        String routerProvider = Boolean.TRUE.equals(getForVpc()) ? VirtualRouterProvider.Type.VPCVirtualRouter.name() :
-                VirtualRouterProvider.Type.VirtualRouter.name();
-        List<String> unsupportedServices = new ArrayList<>(List.of("Vpn", "Gateway", "SecurityGroup", "Connectivity", "BaremetalPxeService"));
-        List<String> routerSupported = List.of("Dhcp", "Dns", "UserData");
-        List<String> allServices = Service.listAllServices().stream().map(Service::getName).collect(Collectors.toList());
-        if (routerProvider.equals(VirtualRouterProvider.Type.VPCVirtualRouter.name())) {
-            unsupportedServices.add("Firewall");
-        } else {
-            unsupportedServices.add("NetworkACL");
-        }
-        for (String service : allServices) {
-            if (unsupportedServices.contains(service))
-                continue;
-            if (routerSupported.contains(service))
-                serviceProviderMap.put(service, List.of(routerProvider));
-            else if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode()) || NetworkACL.getName().equalsIgnoreCase(service)) {
-                    serviceProviderMap.put(service, List.of(provider));
-                }
-            if (isNsxWithoutLb(getProvider(), getNsxSupportsLbService()) || isNetrisRouted(getProvider(), getNetworkMode())) {
-                serviceProviderMap.remove(Lb.getName());
-            }
-        }
-    }
-
-    public Map<Capability, String> getServiceCapabilities(Service service) {
-        Map<Capability, String> capabilityMap = null;
-
-        if (serviceCapabilitystList != null && !serviceCapabilitystList.isEmpty()) {
-            capabilityMap = new HashMap<Capability, String>();
-            Collection serviceCapabilityCollection = serviceCapabilitystList.values();
-            Iterator iter = serviceCapabilityCollection.iterator();
-            while (iter.hasNext()) {
-                HashMap<String, String> svcCapabilityMap = (HashMap<String, String>) iter.next();
-                Capability capability = null;
-                String svc = svcCapabilityMap.get("service");
-                String capabilityName = svcCapabilityMap.get("capabilitytype");
-                String capabilityValue = svcCapabilityMap.get("capabilityvalue");
-
-                if (capabilityName != null) {
-                    capability = Capability.getCapability(capabilityName);
-                }
-
-                if ((capability == null) || (capabilityName == null) || (capabilityValue == null)) {
-                    throw new InvalidParameterValueException("Invalid capability:" + capabilityName + " capability value:" + capabilityValue);
-                }
-
-                if (svc.equalsIgnoreCase(service.getName())) {
-                    capabilityMap.put(capability, capabilityValue);
-                } else {
-                    //throw new InvalidParameterValueException("Service is not equal ")
-                }
-            }
-        }
-
-        return capabilityMap;
-    }
-
-    public Map<String, String> getDetails() {
-        if (details == null || details.isEmpty()) {
-            return null;
-        }
-
-        Collection paramsCollection = details.values();
-        Object objlist[] = paramsCollection.toArray();
-        Map<String, String> params = (Map<String, String>) (objlist[0]);
-        for (int i = 1; i < objlist.length; i++) {
-            params.putAll((Map<String, String>) (objlist[i]));
-        }
-
-        return params;
-    }
-
-    public String getServicePackageId() {
-        Map<String, String> data = getDetails();
-        if (data == null)
-            return null;
-        return data.get(NetworkOffering.Detail.servicepackageuuid + "");
-    }
-
-    public List<Long> getDomainIds() {
-        if (CollectionUtils.isNotEmpty(domainIds)) {
-            Set<Long> set = new LinkedHashSet<>(domainIds);
-            domainIds.clear();
-            domainIds.addAll(set);
-        }
-        return domainIds;
-    }
-
-    public List<Long> getZoneIds() {
-        if (CollectionUtils.isNotEmpty(zoneIds)) {
-            Set<Long> set = new LinkedHashSet<>(zoneIds);
-            zoneIds.clear();
-            zoneIds.addAll(set);
-        }
-        return zoneIds;
-    }
-
-    public Boolean getEnable() {
-        if (enable != null) {
-            return enable;
-        }
-        return false;
-    }
-
-    public boolean getSpecifyAsNumber() {
-        return BooleanUtils.toBoolean(specifyAsNumber);
-    }
-
-    public String getRoutingMode() {
-        return routingMode;
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
-    @Override
-    public long getEntityOwnerId() {
-        return Account.ACCOUNT_ID_SYSTEM;
-    }
 
     @Override
     public void execute() {
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreatePhysicalNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreatePhysicalNetworkCmd.java
index 75444bebd3dd..097b8a5b5458 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreatePhysicalNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreatePhysicalNetworkCmd.java
@@ -75,7 +75,7 @@ public class CreatePhysicalNetworkCmd extends BaseAsyncCreateCmd {
     @Parameter(name = ApiConstants.ISOLATION_METHODS,
                type = CommandType.LIST,
                collectionType = CommandType.STRING,
-               description = "The isolation method for the physical Network[VLAN/L3/GRE]")
+               description = "The isolation method for the physical Network[VLAN/VXLAN/GRE/STT/BCF_SEGMENT/SSP/ODL/L3VPN/VCS/NSX/NETRIS]")
     private List<String> isolationMethods;
 
     @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "The name of the physical Network")
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/NetworkOfferingBaseCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/NetworkOfferingBaseCmd.java
new file mode 100644
index 000000000000..1c832b7217ef
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/NetworkOfferingBaseCmd.java
@@ -0,0 +1,493 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.network;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.Network;
+import com.cloud.network.VirtualRouterProvider;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.ServiceOfferingResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import static com.cloud.network.Network.Service.Dhcp;
+import static com.cloud.network.Network.Service.Dns;
+import static com.cloud.network.Network.Service.Firewall;
+import static com.cloud.network.Network.Service.Lb;
+import static com.cloud.network.Network.Service.NetworkACL;
+import static com.cloud.network.Network.Service.PortForwarding;
+import static com.cloud.network.Network.Service.SourceNat;
+import static com.cloud.network.Network.Service.StaticNat;
+import static com.cloud.network.Network.Service.UserData;
+
+import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNsxWithoutLb;
+import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisNatted;
+import static org.apache.cloudstack.api.command.utils.OfferingUtils.isNetrisRouted;
+
+public abstract class NetworkOfferingBaseCmd extends BaseCmd {
+
+    public abstract String getGuestIpType();
+    public abstract String getTraffictype();
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "The name of the network offering")
+    private String networkOfferingName;
+
+    @Parameter(name = ApiConstants.DISPLAY_TEXT, type = CommandType.STRING, description = "The display text of the network offering, defaults to the value of 'name'.")
+    private String displayText;
+
+    @Parameter(name = ApiConstants.TAGS, type = CommandType.STRING, description = "The tags for the network offering.", length = 4096)
+    private String tags;
+
+    @Parameter(name = ApiConstants.SPECIFY_VLAN, type = CommandType.BOOLEAN, description = "True if network offering supports VLANs")
+    private Boolean specifyVlan;
+
+    @Parameter(name = ApiConstants.AVAILABILITY, type = CommandType.STRING, description = "The availability of network offering. The default value is Optional. "
+            + " Another value is Required, which will make it as the default network offering for new networks ")
+    private String availability;
+
+    @Parameter(name = ApiConstants.NETWORKRATE, type = CommandType.INTEGER, description = "Data transfer rate in megabits per second allowed")
+    private Integer networkRate;
+
+    @Parameter(name = ApiConstants.CONSERVE_MODE, type = CommandType.BOOLEAN, description = "True if the network offering is IP conserve mode enabled")
+    private Boolean conserveMode;
+
+    @Parameter(name = ApiConstants.SERVICE_OFFERING_ID,
+            type = CommandType.UUID,
+            entityType = ServiceOfferingResponse.class,
+            description = "The service offering ID used by virtual router provider")
+    private Long serviceOfferingId;
+
+    @Parameter(name = ApiConstants.INTERNET_PROTOCOL,
+            type = CommandType.STRING,
+            description = "The internet protocol of network offering. Options are IPv4 and dualstack. Default is IPv4. dualstack will create a network offering that supports both IPv4 and IPv6",
+            since = "4.17.0")
+    private String internetProtocol;
+
+    @Parameter(name = ApiConstants.SUPPORTED_SERVICES,
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = "Services supported by the network offering")
+    private List<String> supportedServices;
+
+    @Parameter(name = ApiConstants.SERVICE_PROVIDER_LIST,
+            type = CommandType.MAP,
+            description = "Provider to service mapping. If not specified, the provider for the service will be mapped to the default provider on the physical network")
+    private Map serviceProviderList;
+
+    @Parameter(name = ApiConstants.SERVICE_CAPABILITY_LIST, type = CommandType.MAP, description = "Desired service capabilities as part of network offering")
+    private Map serviceCapabilitiesList;
+
+    @Parameter(name = ApiConstants.SPECIFY_IP_RANGES,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering supports specifying ip ranges; defaulted to false if not specified")
+    private Boolean specifyIpRanges;
+
+    @Parameter(name = ApiConstants.IS_PERSISTENT,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering supports persistent networks; defaulted to false if not specified")
+    private Boolean isPersistent;
+
+    @Parameter(name = ApiConstants.FOR_VPC,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering is meant to be used for VPC, false otherwise.")
+    private Boolean forVpc;
+
+    @Deprecated
+    @Parameter(name = ApiConstants.FOR_NSX,
+            type = CommandType.BOOLEAN,
+            description = "true if network offering is meant to be used for NSX, false otherwise.",
+            since = "4.20.0")
+    private Boolean forNsx;
+
+    @Parameter(name = ApiConstants.PROVIDER,
+            type = CommandType.STRING,
+            description = "Name of the provider providing the service",
+            since = "4.21.0")
+    private String provider;
+
+    @Parameter(name = ApiConstants.NSX_SUPPORT_LB,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering for NSX network offering supports Load balancer service.",
+            since = "4.20.0")
+    private Boolean nsxSupportsLbService;
+
+    @Parameter(name = ApiConstants.NSX_SUPPORTS_INTERNAL_LB,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering for NSX network offering supports Internal Load balancer service.",
+            since = "4.20.0")
+    private Boolean nsxSupportsInternalLbService;
+
+    @Parameter(name = ApiConstants.NETWORK_MODE,
+            type = CommandType.STRING,
+            description = "Indicates the mode with which the network will operate. Valid option: NATTED or ROUTED",
+            since = "4.20.0")
+    private String networkMode;
+
+    @Parameter(name = ApiConstants.FOR_TUNGSTEN,
+            type = CommandType.BOOLEAN,
+            description = "True if network offering is meant to be used for Tungsten-Fabric, false otherwise.")
+    private Boolean forTungsten;
+
+    @Parameter(name = ApiConstants.DETAILS, type = CommandType.MAP, since = "4.2.0", description = "Network offering details in key/value pairs."
+            + " Supported keys are internallbprovider/publiclbprovider with service provider as a value, and"
+            + " promiscuousmode/macaddresschanges/forgedtransmits with true/false as value to accept/reject the security settings if available for a nic/portgroup")
+    protected Map details;
+
+    @Parameter(name = ApiConstants.EGRESS_DEFAULT_POLICY,
+            type = CommandType.BOOLEAN,
+            description = "True if guest network default egress policy is allow; false if default egress policy is deny")
+    private Boolean egressDefaultPolicy;
+
+    @Parameter(name = ApiConstants.KEEPALIVE_ENABLED,
+            type = CommandType.BOOLEAN,
+            required = false,
+            description = "If true keepalive will be turned on in the loadbalancer. At the time of writing this has only an effect on haproxy; the mode http and httpclose options are unset in the haproxy conf file.")
+    private Boolean keepAliveEnabled;
+
+    @Parameter(name = ApiConstants.MAX_CONNECTIONS,
+            type = CommandType.INTEGER,
+            description = "Maximum number of concurrent connections supported by the Network offering")
+    private Integer maxConnections;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID,
+            type = CommandType.LIST,
+            collectionType = CommandType.UUID,
+            entityType = DomainResponse.class,
+            description = "The ID of the containing domain(s), null for public offerings")
+    private List<Long> domainIds;
+
+    @Parameter(name = ApiConstants.ZONE_ID,
+            type = CommandType.LIST,
+            collectionType = CommandType.UUID,
+            entityType = ZoneResponse.class,
+            description = "The ID of the containing zone(s), null for public offerings",
+            since = "4.13")
+    private List<Long> zoneIds;
+
+    @Parameter(name = ApiConstants.ENABLE,
+            type = CommandType.BOOLEAN,
+            description = "Set to true if the offering is to be enabled during creation. Default is false",
+            since = "4.16")
+    private Boolean enable;
+
+    @Parameter(name = ApiConstants.SPECIFY_AS_NUMBER, type = CommandType.BOOLEAN, since = "4.20.0",
+            description = "true if network offering supports choosing AS number")
+    private Boolean specifyAsNumber;
+
+    @Parameter(name = ApiConstants.ROUTING_MODE,
+            type = CommandType.STRING,
+            since = "4.20.0",
+            description = "the routing mode for the network offering. Supported types are: Static or Dynamic.")
+    private String routingMode;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public String getNetworkOfferingName() {
+        return networkOfferingName;
+    }
+
+    public String getDisplayText() {
+        return StringUtils.isEmpty(displayText) ? networkOfferingName : displayText;
+    }
+
+    public String getTags() {
+        return tags;
+    }
+
+    public Boolean getSpecifyVlan() {
+        return specifyVlan == null ? false : specifyVlan;
+    }
+
+    public String getAvailability() {
+        return availability == null ? NetworkOffering.Availability.Optional.toString() : availability;
+    }
+
+    public Integer getNetworkRate() {
+        return networkRate;
+    }
+
+    public Long getServiceOfferingId() {
+        return serviceOfferingId;
+    }
+
+    public boolean isExternalNetworkProvider() {
+        return Arrays.asList("NSX", "Netris").stream()
+                .anyMatch(s -> provider != null && s.equalsIgnoreCase(provider));
+    }
+
+    public boolean isForNsx() {
+        return provider != null && provider.equalsIgnoreCase("NSX");
+    }
+
+    public boolean isForNetris() {
+        return provider != null && provider.equalsIgnoreCase("Netris");
+    }
+
+    public String getProvider() {
+        return provider;
+    }
+
+    public List<String> getSupportedServices() {
+        if (!isExternalNetworkProvider()) {
+            return supportedServices == null ? new ArrayList<String>() : supportedServices;
+        } else {
+            List<String> services = new ArrayList<>(List.of(
+                    Dhcp.getName(),
+                    Dns.getName(),
+                    UserData.getName()
+            ));
+            if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode())) {
+                services.addAll(Arrays.asList(
+                        StaticNat.getName(),
+                        SourceNat.getName(),
+                        PortForwarding.getName()));
+            }
+            if (getNsxSupportsLbService() || (provider != null && isNetrisNatted(getProvider(), getNetworkMode()))) {
+                services.add(Lb.getName());
+            }
+            if (Boolean.TRUE.equals(forVpc)) {
+                services.add(NetworkACL.getName());
+            } else {
+                services.add(Firewall.getName());
+            }
+            return services;
+        }
+    }
+
+    public String getInternetProtocol() {
+        return internetProtocol;
+    }
+
+    public Boolean getSpecifyIpRanges() {
+        return specifyIpRanges == null ? false : specifyIpRanges;
+    }
+
+    public Boolean getConserveMode() {
+        if (conserveMode == null) {
+            return true;
+        }
+        return conserveMode;
+    }
+
+    public Boolean getIsPersistent() {
+        return isPersistent == null ? false : isPersistent;
+    }
+
+    public Boolean getForVpc() {
+        return forVpc;
+    }
+
+    public String getNetworkMode() {
+        return networkMode;
+    }
+
+    public boolean getNsxSupportsLbService() {
+        return BooleanUtils.isTrue(nsxSupportsLbService);
+    }
+
+    public boolean getNsxSupportsInternalLbService() {
+        return BooleanUtils.isTrue(nsxSupportsInternalLbService);
+    }
+
+    public Boolean getForTungsten() {
+        return forTungsten;
+    }
+
+    public Boolean getEgressDefaultPolicy() {
+        if (egressDefaultPolicy == null) {
+            return true;
+        }
+        return egressDefaultPolicy;
+    }
+
+    public Boolean getKeepAliveEnabled() {
+        return keepAliveEnabled;
+    }
+
+    public Integer getMaxconnections() {
+        return maxConnections;
+    }
+
+    public Map<String, List<String>> getServiceProviders() {
+        Map<String, List<String>> serviceProviderMap = new HashMap<>();
+        if (serviceProviderList != null && !serviceProviderList.isEmpty() && !isExternalNetworkProvider()) {
+            Collection servicesCollection = serviceProviderList.values();
+            Iterator iter = servicesCollection.iterator();
+            while (iter.hasNext()) {
+                HashMap<String, String> services = (HashMap<String, String>) iter.next();
+                String service = services.get("service");
+                String provider = services.get("provider");
+                List<String> providerList = null;
+                if (serviceProviderMap.containsKey(service)) {
+                    providerList = serviceProviderMap.get(service);
+                } else {
+                    providerList = new ArrayList<String>();
+                }
+                providerList.add(provider);
+                serviceProviderMap.put(service, providerList);
+            }
+        } else if (isExternalNetworkProvider()) {
+            getServiceProviderMapForExternalProvider(serviceProviderMap, Network.Provider.getProvider(provider).getName());
+        }
+        return serviceProviderMap;
+    }
+
+    private void getServiceProviderMapForExternalProvider(Map<String, List<String>> serviceProviderMap, String provider) {
+        String routerProvider = Boolean.TRUE.equals(getForVpc()) ? VirtualRouterProvider.Type.VPCVirtualRouter.name() :
+                VirtualRouterProvider.Type.VirtualRouter.name();
+        List<String> unsupportedServices = new ArrayList<>(List.of("Vpn", "Gateway", "SecurityGroup", "Connectivity", "BaremetalPxeService"));
+        List<String> routerSupported = List.of("Dhcp", "Dns", "UserData");
+        List<String> allServices = Network.Service.listAllServices().stream().map(Network.Service::getName).collect(Collectors.toList());
+        if (routerProvider.equals(VirtualRouterProvider.Type.VPCVirtualRouter.name())) {
+            unsupportedServices.add("Firewall");
+        } else {
+            unsupportedServices.add("NetworkACL");
+        }
+        for (String service : allServices) {
+            if (unsupportedServices.contains(service))
+                continue;
+            if (routerSupported.contains(service))
+                serviceProviderMap.put(service, List.of(routerProvider));
+            else if (NetworkOffering.NetworkMode.NATTED.name().equalsIgnoreCase(getNetworkMode()) || NetworkACL.getName().equalsIgnoreCase(service)) {
+                serviceProviderMap.put(service, List.of(provider));
+            }
+            if (isNsxWithoutLb(getProvider(), getNsxSupportsLbService()) || isNetrisRouted(getProvider(), getNetworkMode())) {
+                serviceProviderMap.remove(Lb.getName());
+            }
+        }
+    }
+
+    public Map<Network.Capability, String> getServiceCapabilities(Network.Service service) {
+        Map<Network.Capability, String> capabilityMap = null;
+
+        if (serviceCapabilitiesList != null && !serviceCapabilitiesList.isEmpty()) {
+            capabilityMap = new HashMap<Network.Capability, String>();
+            Collection serviceCapabilityCollection = serviceCapabilitiesList.values();
+            Iterator iter = serviceCapabilityCollection.iterator();
+            while (iter.hasNext()) {
+                HashMap<String, String> svcCapabilityMap = (HashMap<String, String>) iter.next();
+                Network.Capability capability = null;
+                String svc = svcCapabilityMap.get("service");
+                String capabilityName = svcCapabilityMap.get("capabilitytype");
+                String capabilityValue = svcCapabilityMap.get("capabilityvalue");
+
+                if (capabilityName != null) {
+                    capability = Network.Capability.getCapability(capabilityName);
+                }
+
+                if ((capability == null) || (capabilityName == null) || (capabilityValue == null)) {
+                    throw new InvalidParameterValueException("Invalid capability:" + capabilityName + " capability value:" + capabilityValue);
+                }
+
+                if (svc.equalsIgnoreCase(service.getName())) {
+                    capabilityMap.put(capability, capabilityValue);
+                } else {
+                    //throw new InvalidParameterValueException("Service is not equal ")
+                }
+            }
+        }
+
+        return capabilityMap;
+    }
+
+    public Map<String, String> getDetails() {
+        if (details == null || details.isEmpty()) {
+            return null;
+        }
+
+        Collection paramsCollection = details.values();
+        Object objlist[] = paramsCollection.toArray();
+        Map<String, String> params = (Map<String, String>) (objlist[0]);
+        for (int i = 1; i < objlist.length; i++) {
+            params.putAll((Map<String, String>) (objlist[i]));
+        }
+
+        return params;
+    }
+
+    public String getServicePackageId() {
+        Map<String, String> data = getDetails();
+        if (data == null)
+            return null;
+        return data.get(NetworkOffering.Detail.servicepackageuuid + "");
+    }
+
+    public List<Long> getDomainIds() {
+        if (CollectionUtils.isNotEmpty(domainIds)) {
+            Set<Long> set = new LinkedHashSet<>(domainIds);
+            domainIds.clear();
+            domainIds.addAll(set);
+        }
+        return domainIds;
+    }
+
+    public List<Long> getZoneIds() {
+        if (CollectionUtils.isNotEmpty(zoneIds)) {
+            Set<Long> set = new LinkedHashSet<>(zoneIds);
+            zoneIds.clear();
+            zoneIds.addAll(set);
+        }
+        return zoneIds;
+    }
+
+    public Boolean getEnable() {
+        if (enable != null) {
+            return enable;
+        }
+        return false;
+    }
+
+    public boolean getSpecifyAsNumber() {
+        return BooleanUtils.toBoolean(specifyAsNumber);
+    }
+
+    public String getRoutingMode() {
+        return routingMode;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneDiskOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneDiskOfferingCmd.java
new file mode 100644
index 000000000000..8d822be203ad
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneDiskOfferingCmd.java
@@ -0,0 +1,73 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.offering;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DiskOfferingResponse;
+
+import com.cloud.offering.DiskOffering;
+
+@APICommand(name = "cloneDiskOffering",
+        description = "Clones a disk offering. All parameters from createDiskOffering are available. If not specified, values will be copied from the source offering.",
+        responseObject = DiskOfferingResponse.class,
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = false,
+        since = "4.23.0",
+        authorized = {RoleType.Admin, RoleType.DomainAdmin})
+public class CloneDiskOfferingCmd extends CreateDiskOfferingCmd {
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.SOURCE_OFFERING_ID,
+            type = BaseCmd.CommandType.UUID,
+            entityType = DiskOfferingResponse.class,
+            required = true,
+            description = "The ID of the source disk offering to clone from")
+    private Long sourceOfferingId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getSourceOfferingId() {
+        return sourceOfferingId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() {
+        DiskOffering result = _configService.cloneDiskOffering(this);
+        if (result != null) {
+            DiskOfferingResponse response = _responseGenerator.createDiskOfferingResponse(result);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to clone disk offering");
+        }
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmd.java
new file mode 100644
index 000000000000..d01ca4c195da
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmd.java
@@ -0,0 +1,79 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.offering;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ServiceOfferingResponse;
+
+import com.cloud.offering.ServiceOffering;
+
+@APICommand(name = "cloneServiceOffering",
+        description = "Clones a service offering. All parameters from createServiceOffering are available. If not specified, values will be copied from the source offering.",
+        responseObject = ServiceOfferingResponse.class,
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = false,
+        since = "4.23.0",
+        authorized = {RoleType.Admin, RoleType.DomainAdmin})
+public class CloneServiceOfferingCmd extends CreateServiceOfferingCmd {
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.SOURCE_OFFERING_ID,
+            type = CommandType.UUID,
+            entityType = ServiceOfferingResponse.class,
+            required = true,
+            description = "The ID of the source service offering to clone from")
+    private Long sourceOfferingId;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getSourceOfferingId() {
+        return sourceOfferingId;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+
+    @Override
+    public void execute() {
+        try {
+            ServiceOffering result = _configService.cloneServiceOffering(this);
+            if (result != null) {
+                ServiceOfferingResponse response = _responseGenerator.createServiceOfferingResponse(result);
+                response.setResponseName(getCommandName());
+                this.setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to clone service offering");
+            }
+        } catch (com.cloud.exception.InvalidParameterValueException e) {
+            throw new ServerApiException(ApiErrorCode.PARAM_ERROR, e.getMessage());
+        } catch (com.cloud.utils.exception.CloudRuntimeException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
+        }
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CloneVPCOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CloneVPCOfferingCmd.java
new file mode 100644
index 000000000000..2148ff5c2d4f
--- /dev/null
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CloneVPCOfferingCmd.java
@@ -0,0 +1,109 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.admin.vpc;
+
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.network.vpc.VpcOffering;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.VpcOfferingResponse;
+
+import java.util.List;
+
+@APICommand(name = "cloneVPCOffering",
+        description = "Clones an existing VPC offering. All parameters are copied from the source offering unless explicitly overridden. " +
+                "Use 'addServices' and 'dropServices' to modify the service list without respecifying everything.",
+        responseObject = VpcOfferingResponse.class,
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = false,
+        since = "4.23.0")
+public class CloneVPCOfferingCmd extends CreateVPCOfferingCmd {
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+
+    @Parameter(name = ApiConstants.SOURCE_OFFERING_ID,
+            type = BaseCmd.CommandType.UUID,
+            entityType = VpcOfferingResponse.class,
+            required = true,
+            description = "The ID of the source VPC offering to clone from")
+    private Long sourceOfferingId;
+
+    @Parameter(name = "addservices",
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = "Services to add to the cloned offering (in addition to source offering services). " +
+                    "If specified along with 'supportedservices', this parameter is ignored.")
+    private List<String> addServices;
+
+    @Parameter(name = "dropservices",
+            type = CommandType.LIST,
+            collectionType = CommandType.STRING,
+            description = "Services to remove from the cloned offering (that exist in source offering). " +
+                    "If specified along with 'supportedservices', this parameter is ignored.")
+    private List<String> dropServices;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getSourceOfferingId() {
+        return sourceOfferingId;
+    }
+
+    public List<String> getAddServices() {
+        return addServices;
+    }
+
+    public List<String> getDropServices() {
+        return dropServices;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void create() throws ResourceAllocationException {
+        // Set a temporary entity ID (source offering ID) to prevent NullPointerException
+        // in ApiServer.queueCommand(). This will be updated in execute() with the actual
+        // cloned offering ID.
+        if (sourceOfferingId != null) {
+            setEntityId(sourceOfferingId);
+        }
+    }
+
+    @Override
+    public void execute() {
+        VpcOffering result = _vpcProvSvc.cloneVPCOffering(this);
+        if (result != null) {
+            setEntityId(result.getId());
+            setEntityUuid(result.getUuid());
+
+            VpcOfferingResponse response = _responseGenerator.createVpcOfferingResponse(result);
+            response.setResponseName(getCommandName());
+            this.setResponseObject(response);
+        } else {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to clone VPC offering");
+        }
+    }
+}
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CreateVPCOfferingCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CreateVPCOfferingCmd.java
index 6b425bc10d21..2b934a60da7a 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CreateVPCOfferingCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/vpc/CreateVPCOfferingCmd.java
@@ -28,7 +28,6 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
-import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.network.Network;
 import com.cloud.network.VirtualRouterProvider;
 import com.cloud.offering.NetworkOffering;
@@ -161,6 +160,12 @@ public class CreateVPCOfferingCmd extends BaseAsyncCreateCmd {
             description = "the routing mode for the VPC offering. Supported types are: Static or Dynamic.")
     private String routingMode;
 
+    @Parameter(name = ApiConstants.CONSERVE_MODE, type = CommandType.BOOLEAN,
+            since = "4.23.0",
+            description = "True if the VPC offering is IP conserve mode enabled, allowing public IPs to be used across multiple VPC tiers. Default value is false")
+    private Boolean conserveMode;
+
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -179,9 +184,7 @@ public boolean isExternalNetworkProvider() {
     }
 
     public List<String> getSupportedServices() {
-        if (!isExternalNetworkProvider() && CollectionUtils.isEmpty(supportedServices)) {
-            throw new InvalidParameterValueException("Supported services needs to be provided");
-        }
+        // For external network providers, auto-populate services based on network mode
         if (isExternalNetworkProvider()) {
             supportedServices = new ArrayList<>(List.of(
                     Dhcp.getName(),
@@ -311,6 +314,10 @@ public String getRoutingMode() {
         return routingMode;
     }
 
+    public boolean isConserveMode() {
+        return BooleanUtils.toBoolean(conserveMode);
+    }
+
     @Override
     public void create() throws ResourceAllocationException {
         VpcOffering vpcOff = _vpcProvSvc.createVpcOffering(this);
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
index 056807b9b535..2bc5fc2ee68b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/firewall/CreatePortForwardingRuleCmd.java
@@ -54,7 +54,6 @@
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
 public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule {
 
-
     // ///////////////////////////////////////////////////
     // ////////////// API parameters /////////////////////
     // ///////////////////////////////////////////////////
@@ -278,13 +277,7 @@ public State getState() {
     @Override
     public long getNetworkId() {
         IpAddress ip = _entityMgr.findById(IpAddress.class, getIpAddressId());
-        Long ntwkId = null;
-
-        if (ip.getAssociatedWithNetworkId() != null) {
-            ntwkId = ip.getAssociatedWithNetworkId();
-        } else {
-            ntwkId = networkId;
-        }
+        Long ntwkId = _networkService.getPreferredNetworkIdForPublicIpRuleAssignment(ip, networkId);
         if (ntwkId == null) {
             throw new InvalidParameterValueException("Unable to create port forwarding rule for the ipAddress id=" + ipAddressId +
                     " as ip is not associated with any network and no networkId is passed in");
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java
index 6d8d356cea4d..cc7cd2382b75 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/AssignToLoadBalancerRuleCmd.java
@@ -23,6 +23,8 @@
 import java.util.List;
 import java.util.Map;
 
+import com.cloud.network.Network;
+import com.cloud.utils.Pair;
 import com.cloud.utils.exception.CloudRuntimeException;
 
 import org.apache.cloudstack.api.APICommand;
@@ -72,7 +74,7 @@ public class AssignToLoadBalancerRuleCmd extends BaseAsyncCmd {
 
     @Parameter(name = ApiConstants.VIRTUAL_MACHINE_ID_IP,
             type = CommandType.MAP,
-            description = "VM ID and IP map, vmidipmap[0].vmid=1 vmidipmap[0].vmip=10.1.1.75",
+            description = "VM ID and IP map, vmidipmap[0].vmid=1 vmidipmap[0].vmip=10.1.1.75. (Optional, for VPC Conserve Mode) Pass vmnetworkid. Example: vmidipmap[0].vmnetworkid=NETWORK_TIER_UUID",
             since = "4.4")
     private Map vmIdIpMap;
 
@@ -116,8 +118,9 @@ public String getEventDescription() {
     }
 
 
-    public Map<Long, List<String>> getVmIdIpListMap() {
-        Map<Long, List<String>> vmIdIpsMap = new HashMap<Long, List<String>>();
+    public Pair<Map<Long, List<String>>, Map<Long, Long>> getVmIdIpListMapAndVmIdNetworkMap() {
+        Map<Long, List<String>> vmIdIpsMap = new HashMap<>();
+        Map<Long, Long> vmIdNetworkMap = new HashMap<>();
         if (vmIdIpMap != null && !vmIdIpMap.isEmpty()) {
             Collection idIpsCollection = vmIdIpMap.values();
             Iterator iter = idIpsCollection.iterator();
@@ -125,6 +128,7 @@ public Map<Long, List<String>> getVmIdIpListMap() {
                 HashMap<String, String> idIpsMap = (HashMap<String, String>)iter.next();
                 String vmId = idIpsMap.get("vmid");
                 String vmIp = idIpsMap.get("vmip");
+                String vmNetworkUuid = idIpsMap.get("vmnetworkid");
 
                 VirtualMachine lbvm = _entityMgr.findByUuid(VirtualMachine.class, vmId);
                 if (lbvm == null) {
@@ -145,25 +149,35 @@ public Map<Long, List<String>> getVmIdIpListMap() {
                     ipsList = new ArrayList<String>();
                 }
                 ipsList.add(vmIp);
+
+                if (vmNetworkUuid != null) {
+                    Network vmNetwork = _entityMgr.findByUuid(Network.class, vmNetworkUuid);
+                    if (vmNetwork == null) {
+                        throw new InvalidParameterValueException("Unable to find Network ID: " + vmNetworkUuid);
+                    }
+                    vmIdNetworkMap.put(longVmId, vmNetwork.getId());
+                }
                 vmIdIpsMap.put(longVmId, ipsList);
 
             }
         }
 
-        return vmIdIpsMap;
+        return new Pair<>(vmIdIpsMap, vmIdNetworkMap);
     }
 
     @Override
     public void execute() {
         CallContext.current().setEventDetails("Load balancer ID: " + getResourceUuid(ApiConstants.ID) + " Instances IDs: " + StringUtils.join(getVirtualMachineIds(), ","));
 
-        Map<Long, List<String>> vmIdIpsMap = getVmIdIpListMap();
+        Pair<Map<Long, List<String>>, Map<Long, Long>> mapsPair = getVmIdIpListMapAndVmIdNetworkMap();
+        Map<Long, List<String>> vmIdIpsMap = mapsPair.first();
+        Map<Long, Long> vmIdNetworkMap = mapsPair.second();
         boolean result = false;
 
         try {
-            result = _lbService.assignToLoadBalancer(getLoadBalancerId(), virtualMachineIds, vmIdIpsMap, false);
+            result = _lbService.assignToLoadBalancer(getLoadBalancerId(), virtualMachineIds, vmIdIpsMap, vmIdNetworkMap, false);
         }catch (CloudRuntimeException ex) {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to assign load balancer rule");
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to assign load balancer rule due to: " + ex.getMessage());
         }
 
         if (result) {
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/FirewallRuleResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/FirewallRuleResponse.java
index 48097e51d992..aed56a369089 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/FirewallRuleResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/FirewallRuleResponse.java
@@ -94,6 +94,10 @@ public class FirewallRuleResponse extends BaseResponse {
     @Param(description = "The ID of the guest Network the port forwarding rule belongs to")
     private String networkId;
 
+    @SerializedName(ApiConstants.NETWORK_NAME)
+    @Param(description = "The Name of the guest Network the port forwarding rule belongs to")
+    private String networkName;
+
     @SerializedName(ApiConstants.FOR_DISPLAY)
     @Param(description = "Is firewall for display to the regular user", since = "4.4", authorized = {RoleType.Admin})
     private Boolean forDisplay;
@@ -223,6 +227,10 @@ public void setNetworkId(String networkId) {
         this.networkId = networkId;
     }
 
+    public void setNetworkName(String networkName) {
+        this.networkName = networkName;
+    }
+
     public void setForDisplay(Boolean forDisplay) {
         this.forDisplay = forDisplay;
     }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
index a0516e660e48..2e821dae52de 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
@@ -102,6 +102,10 @@ public class VpcOfferingResponse extends BaseResponse {
     @Param(description = "The routing mode for the network offering, supported types are Static or Dynamic.")
     private String routingMode;
 
+    @SerializedName(ApiConstants.CONSERVE_MODE)
+    @Param(description = "True if the VPC offering is IP conserve mode enabled, allowing public IP services to be used across multiple VPC tiers.", since = "4.23.0")
+    private Boolean conserveMode;
+
     public void setId(String id) {
         this.id = id;
     }
@@ -201,4 +205,12 @@ public String getRoutingMode() {
     public void setRoutingMode(String routingMode) {
         this.routingMode = routingMode;
     }
+
+    public Boolean getConserveMode() {
+        return conserveMode;
+    }
+
+    public void setConserveMode(Boolean conserveMode) {
+        this.conserveMode = conserveMode;
+    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java
index 2648ba836785..acfabb113502 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java
@@ -73,6 +73,10 @@ public class VpcResponse extends BaseResponseWithAnnotations implements Controll
     @Param(description = "VPC offering name the VPC is created from", since = "4.13.2")
     private String vpcOfferingName;
 
+    @SerializedName(ApiConstants.VPC_OFFERING_CONSERVE_MODE)
+    @Param(description = "true if VPC offering is ip conserve mode enabled", since = "4.23")
+    private Boolean vpcOfferingConserveMode;
+
     @SerializedName(ApiConstants.CREATED)
     @Param(description = "The date this VPC was created")
     private Date created;
@@ -197,6 +201,10 @@ public void setDisplayText(final String displayText) {
         this.displayText = displayText;
     }
 
+    public void setVpcOfferingConserveMode(Boolean vpcOfferingConserveMode) {
+        this.vpcOfferingConserveMode = vpcOfferingConserveMode;
+    }
+
     public void setCreated(final Date created) {
         this.created = created;
     }
diff --git a/api/src/main/java/org/apache/cloudstack/backup/BackupManager.java b/api/src/main/java/org/apache/cloudstack/backup/BackupManager.java
index e83db3a25895..6c0121a3e4d8 100644
--- a/api/src/main/java/org/apache/cloudstack/backup/BackupManager.java
+++ b/api/src/main/java/org/apache/cloudstack/backup/BackupManager.java
@@ -22,6 +22,7 @@
 
 import com.cloud.capacity.Capacity;
 import com.cloud.exception.ResourceAllocationException;
+import org.apache.cloudstack.api.command.admin.backup.CloneBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.ImportBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.UpdateBackupOfferingCmd;
 import org.apache.cloudstack.api.command.user.backup.CreateBackupCmd;
@@ -140,6 +141,12 @@ public interface BackupManager extends BackupService, Configurable, PluggableSer
 
     List<Long> getBackupOfferingDomains(final Long offeringId);
 
+    /**
+     * Clone an existing backup offering with updated values
+     * @param cmd clone backup offering cmd
+     */
+    BackupOffering cloneBackupOffering(final CloneBackupOfferingCmd cmd);
+
     /**
      * List backup offerings
      * @param ListBackupOfferingsCmd API cmd
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmdTest.java
new file mode 100644
index 000000000000..a1412d5a76a7
--- /dev/null
+++ b/api/src/test/java/org/apache/cloudstack/api/command/admin/backup/CloneBackupOfferingCmdTest.java
@@ -0,0 +1,301 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.backup;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.utils.exception.CloudRuntimeException;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ResponseGenerator;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.BackupOfferingResponse;
+import org.apache.cloudstack.backup.BackupManager;
+import org.apache.cloudstack.backup.BackupOffering;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class CloneBackupOfferingCmdTest {
+
+    private CloneBackupOfferingCmd cloneBackupOfferingCmd;
+
+    @Mock
+    private BackupManager backupManager;
+
+    @Mock
+    private ResponseGenerator responseGenerator;
+
+    @Mock
+    private BackupOffering mockBackupOffering;
+
+    @Mock
+    private BackupOfferingResponse mockBackupOfferingResponse;
+
+    @Before
+    public void setUp() {
+        cloneBackupOfferingCmd = new CloneBackupOfferingCmd();
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "backupManager", backupManager);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "_responseGenerator", responseGenerator);
+    }
+
+    @Test
+    public void testGetSourceOfferingId() {
+        Long sourceOfferingId = 999L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        assertEquals(sourceOfferingId, cloneBackupOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testGetName() {
+        String name = "ClonedBackupOffering";
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", name);
+        assertEquals(name, cloneBackupOfferingCmd.getName());
+    }
+
+    @Test
+    public void testGetDescription() {
+        String description = "Cloned Backup Offering Description";
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", description);
+        assertEquals(description, cloneBackupOfferingCmd.getDescription());
+    }
+
+    @Test
+    public void testGetZoneId() {
+        Long zoneId = 123L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "zoneId", zoneId);
+        assertEquals(zoneId, cloneBackupOfferingCmd.getZoneId());
+    }
+
+    @Test
+    public void testGetExternalId() {
+        String externalId = "external-backup-123";
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "externalId", externalId);
+        assertEquals(externalId, cloneBackupOfferingCmd.getExternalId());
+    }
+
+    @Test
+    public void testGetAllowUserDrivenBackups() {
+        Boolean allowUserDrivenBackups = true;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", allowUserDrivenBackups);
+        assertEquals(allowUserDrivenBackups, cloneBackupOfferingCmd.getUserDrivenBackups());
+    }
+
+    @Test
+    public void testAllowUserDrivenBackupsDefaultTrue() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", null);
+        Boolean result = cloneBackupOfferingCmd.getUserDrivenBackups();
+        assertTrue(result == null || result);
+    }
+
+    @Test
+    public void testAllowUserDrivenBackupsFalse() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", false);
+        assertEquals(Boolean.FALSE, cloneBackupOfferingCmd.getUserDrivenBackups());
+    }
+
+    @Test
+    public void testExecuteSuccess() throws Exception {
+        Long sourceOfferingId = 999L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+
+        when(backupManager.cloneBackupOffering(any(CloneBackupOfferingCmd.class))).thenReturn(mockBackupOffering);
+        when(responseGenerator.createBackupOfferingResponse(mockBackupOffering)).thenReturn(mockBackupOfferingResponse);
+
+        cloneBackupOfferingCmd.execute();
+
+        assertNotNull(cloneBackupOfferingCmd.getResponseObject());
+        assertEquals(mockBackupOfferingResponse, cloneBackupOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteFailure() throws Exception {
+        Long sourceOfferingId = 999L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(backupManager.cloneBackupOffering(any(CloneBackupOfferingCmd.class))).thenReturn(null);
+
+        try {
+            cloneBackupOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Failed to clone backup offering", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteWithInvalidParameterException() throws Exception {
+        Long sourceOfferingId = 999L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(backupManager.cloneBackupOffering(any(CloneBackupOfferingCmd.class)))
+            .thenThrow(new InvalidParameterValueException("Invalid source offering ID"));
+
+        try {
+            cloneBackupOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.PARAM_ERROR, e.getErrorCode());
+            assertEquals("Invalid source offering ID", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteWithCloudRuntimeException() throws Exception {
+        Long sourceOfferingId = 999L;
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(backupManager.cloneBackupOffering(any(CloneBackupOfferingCmd.class)))
+            .thenThrow(new CloudRuntimeException("Runtime error during clone"));
+
+        try {
+            cloneBackupOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Runtime error during clone", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteSuccessWithAllParameters() throws Exception {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Test Description");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "zoneId", 123L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "externalId", "ext-123");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", true);
+
+        when(backupManager.cloneBackupOffering(any(CloneBackupOfferingCmd.class))).thenReturn(mockBackupOffering);
+        when(responseGenerator.createBackupOfferingResponse(mockBackupOffering)).thenReturn(mockBackupOfferingResponse);
+
+        cloneBackupOfferingCmd.execute();
+
+        assertNotNull(cloneBackupOfferingCmd.getResponseObject());
+        assertEquals(mockBackupOfferingResponse, cloneBackupOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testCloneWithAllParameters() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Cloned backup offering for testing");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "zoneId", 123L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "externalId", "external-backup-123");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", true);
+
+        assertEquals(Long.valueOf(999L), cloneBackupOfferingCmd.getSourceOfferingId());
+        assertEquals("ClonedBackupOffering", cloneBackupOfferingCmd.getName());
+        assertEquals("Cloned backup offering for testing", cloneBackupOfferingCmd.getDescription());
+        assertEquals(Long.valueOf(123L), cloneBackupOfferingCmd.getZoneId());
+        assertEquals("external-backup-123", cloneBackupOfferingCmd.getExternalId());
+        assertEquals(Boolean.TRUE, cloneBackupOfferingCmd.getUserDrivenBackups());
+    }
+
+    @Test
+    public void testCloneWithMinimalParameters() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Description");
+
+        assertEquals(Long.valueOf(999L), cloneBackupOfferingCmd.getSourceOfferingId());
+        assertEquals("ClonedBackupOffering", cloneBackupOfferingCmd.getName());
+        assertEquals("Description", cloneBackupOfferingCmd.getDescription());
+
+        assertNull(cloneBackupOfferingCmd.getZoneId());
+        assertNull(cloneBackupOfferingCmd.getExternalId());
+    }
+
+    @Test
+    public void testSourceOfferingIdNullByDefault() {
+        assertNull(cloneBackupOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testNameNullByDefault() {
+        assertNull(cloneBackupOfferingCmd.getName());
+    }
+
+    @Test
+    public void testDescriptionNullByDefault() {
+        assertNull(cloneBackupOfferingCmd.getDescription());
+    }
+
+    @Test
+    public void testZoneIdNullByDefault() {
+        assertNull(cloneBackupOfferingCmd.getZoneId());
+    }
+
+    @Test
+    public void testExternalIdNullByDefault() {
+        assertNull(cloneBackupOfferingCmd.getExternalId());
+    }
+
+    @Test
+    public void testCloneBackupOfferingInheritingZone() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Clone with inherited zone");
+
+        assertEquals(Long.valueOf(999L), cloneBackupOfferingCmd.getSourceOfferingId());
+        assertNull(cloneBackupOfferingCmd.getZoneId());
+    }
+
+    @Test
+    public void testCloneBackupOfferingInheritingExternalId() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Clone with inherited external ID");
+
+        assertEquals(Long.valueOf(999L), cloneBackupOfferingCmd.getSourceOfferingId());
+        assertNull(cloneBackupOfferingCmd.getExternalId());
+    }
+
+    @Test
+    public void testCloneBackupOfferingOverridingZone() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Clone with new zone");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "zoneId", 456L);
+
+        assertEquals(Long.valueOf(999L), cloneBackupOfferingCmd.getSourceOfferingId());
+        assertEquals(Long.valueOf(456L), cloneBackupOfferingCmd.getZoneId());
+    }
+
+    @Test
+    public void testCloneBackupOfferingDisallowUserDrivenBackups() {
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "sourceOfferingId", 999L);
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "name", "ClonedBackupOffering");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "description", "Clone without user-driven backups");
+        ReflectionTestUtils.setField(cloneBackupOfferingCmd, "userDrivenBackups", false);
+
+        assertEquals(Boolean.FALSE, cloneBackupOfferingCmd.getUserDrivenBackups());
+    }
+}
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmdTest.java
new file mode 100644
index 000000000000..096395b1359e
--- /dev/null
+++ b/api/src/test/java/org/apache/cloudstack/api/command/admin/network/CloneNetworkOfferingCmdTest.java
@@ -0,0 +1,324 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.network;
+
+import com.cloud.offering.NetworkOffering;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ResponseGenerator;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.NetworkOfferingResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class CloneNetworkOfferingCmdTest {
+
+    private CloneNetworkOfferingCmd cloneNetworkOfferingCmd;
+
+    @Mock
+    private com.cloud.configuration.ConfigurationService configService;
+
+    @Mock
+    private ResponseGenerator responseGenerator;
+
+    @Mock
+    private NetworkOffering mockNetworkOffering;
+
+    @Mock
+    private NetworkOfferingResponse mockNetworkOfferingResponse;
+
+    @Before
+    public void setUp() {
+        cloneNetworkOfferingCmd = new CloneNetworkOfferingCmd();
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "_configService", configService);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "_responseGenerator", responseGenerator);
+    }
+
+    @Test
+    public void testGetSourceOfferingId() {
+        Long sourceOfferingId = 123L;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        assertEquals(sourceOfferingId, cloneNetworkOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testGetAddServices() {
+        List<String> addServices = Arrays.asList("Dhcp", "Dns");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "addServices", addServices);
+        assertEquals(addServices, cloneNetworkOfferingCmd.getAddServices());
+    }
+
+    @Test
+    public void testGetDropServices() {
+        List<String> dropServices = Arrays.asList("Firewall", "Vpn");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "dropServices", dropServices);
+        assertEquals(dropServices, cloneNetworkOfferingCmd.getDropServices());
+    }
+
+    @Test
+    public void testGetGuestIpType() {
+        String guestIpType = "Isolated";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "guestIptype", guestIpType);
+        assertEquals(guestIpType, cloneNetworkOfferingCmd.getGuestIpType());
+    }
+
+    @Test
+    public void testGetTraffictype() {
+        String trafficType = "GUEST";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "traffictype", trafficType);
+        assertEquals(trafficType, cloneNetworkOfferingCmd.getTraffictype());
+    }
+
+    @Test
+    public void testGetName() {
+        String name = "ClonedNetworkOffering";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "networkOfferingName", name);
+        assertEquals(name, cloneNetworkOfferingCmd.getNetworkOfferingName());
+    }
+
+    @Test
+    public void testGetDisplayText() {
+        String displayText = "Cloned Network Offering Display Text";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "displayText", displayText);
+        assertEquals(displayText, cloneNetworkOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetDisplayTextDefaultsToName() {
+        String name = "ClonedNetworkOffering";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "networkOfferingName", name);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "displayText", null);
+        assertEquals(name, cloneNetworkOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetAvailability() {
+        String availability = "Required";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "availability", availability);
+        assertEquals(availability, cloneNetworkOfferingCmd.getAvailability());
+    }
+
+    @Test
+    public void testGetTags() {
+        String tags = "tag1,tag2,tag3";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "tags", tags);
+        assertEquals(tags, cloneNetworkOfferingCmd.getTags());
+    }
+
+    @Test
+    public void testExecuteSuccess() {
+        Long sourceOfferingId = 123L;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneNetworkOffering(any(CloneNetworkOfferingCmd.class))).thenReturn(mockNetworkOffering);
+        when(responseGenerator.createNetworkOfferingResponse(mockNetworkOffering)).thenReturn(mockNetworkOfferingResponse);
+
+        cloneNetworkOfferingCmd.execute();
+
+        assertNotNull(cloneNetworkOfferingCmd.getResponseObject());
+        assertEquals(mockNetworkOfferingResponse, cloneNetworkOfferingCmd.getResponseObject());
+    }
+
+    @Test(expected = ServerApiException.class)
+    public void testExecuteFailure() {
+        Long sourceOfferingId = 123L;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneNetworkOffering(any(CloneNetworkOfferingCmd.class))).thenReturn(null);
+
+        try {
+            cloneNetworkOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Failed to clone network offering", e.getMessage());
+            throw e;
+        }
+    }
+
+    @Test
+    public void testGetConserveMode() {
+        Boolean conserveMode = true;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "conserveMode", conserveMode);
+        assertEquals(conserveMode, cloneNetworkOfferingCmd.getConserveMode());
+    }
+
+    @Test
+    public void testGetSpecifyVlan() {
+        Boolean specifyVlan = false;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "specifyVlan", specifyVlan);
+        assertEquals(specifyVlan, cloneNetworkOfferingCmd.getSpecifyVlan());
+    }
+
+    @Test
+    public void testGetSpecifyIpRanges() {
+        Boolean specifyIpRanges = true;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "specifyIpRanges", specifyIpRanges);
+        assertEquals(specifyIpRanges, cloneNetworkOfferingCmd.getSpecifyIpRanges());
+    }
+
+    @Test
+    public void testGetIsPersistent() {
+        Boolean isPersistent = true;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "isPersistent", isPersistent);
+        assertEquals(isPersistent, cloneNetworkOfferingCmd.getIsPersistent());
+    }
+
+    @Test
+    public void testGetEgressDefaultPolicy() {
+        Boolean egressDefaultPolicy = false;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "egressDefaultPolicy", egressDefaultPolicy);
+        assertEquals(egressDefaultPolicy, cloneNetworkOfferingCmd.getEgressDefaultPolicy());
+    }
+
+    @Test
+    public void testGetServiceOfferingId() {
+        Long serviceOfferingId = 456L;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "serviceOfferingId", serviceOfferingId);
+        assertEquals(serviceOfferingId, cloneNetworkOfferingCmd.getServiceOfferingId());
+    }
+
+    @Test
+    public void testGetForVpc() {
+        Boolean forVpc = true;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "forVpc", forVpc);
+        assertEquals(forVpc, cloneNetworkOfferingCmd.getForVpc());
+    }
+
+    @Test
+    public void testGetMaxConnections() {
+        Integer maxConnections = 1000;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "maxConnections", maxConnections);
+        assertEquals(maxConnections, cloneNetworkOfferingCmd.getMaxconnections());
+    }
+
+    @Test
+    public void testGetNetworkRate() {
+        Integer networkRate = 200;
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "networkRate", networkRate);
+        assertEquals(networkRate, cloneNetworkOfferingCmd.getNetworkRate());
+    }
+
+    @Test
+    public void testGetInternetProtocol() {
+        String internetProtocol = "ipv4";
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "internetProtocol", internetProtocol);
+        assertEquals(internetProtocol, cloneNetworkOfferingCmd.getInternetProtocol());
+    }
+
+    @Test
+    public void testAddServicesNullByDefault() {
+        assertNull(cloneNetworkOfferingCmd.getAddServices());
+    }
+
+    @Test
+    public void testDropServicesNullByDefault() {
+        assertNull(cloneNetworkOfferingCmd.getDropServices());
+    }
+
+    @Test
+    public void testSupportedServicesParameter() {
+        List<String> supportedServices = Arrays.asList("Dhcp", "Dns", "SourceNat");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "supportedServices", supportedServices);
+        assertEquals(supportedServices, cloneNetworkOfferingCmd.getSupportedServices());
+    }
+
+    @Test
+    public void testServiceProviderListParameter() {
+        Map<String, HashMap<String, String>> serviceProviderList = new HashMap<>();
+
+        HashMap<String, String> dhcpProvider = new HashMap<>();
+        dhcpProvider.put("service", "Dhcp");
+        dhcpProvider.put("provider", "VirtualRouter");
+
+        HashMap<String, String> dnsProvider = new HashMap<>();
+        dnsProvider.put("service", "Dns");
+        dnsProvider.put("provider", "VirtualRouter");
+
+        serviceProviderList.put("0", dhcpProvider);
+        serviceProviderList.put("1", dnsProvider);
+
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "serviceProviderList", serviceProviderList);
+
+        Map<String, List<String>> result = cloneNetworkOfferingCmd.getServiceProviders();
+        assertNotNull(result);
+        assertEquals(2, result.size());
+        assertNotNull(result.get("Dhcp"));
+        assertNotNull(result.get("Dns"));
+        assertEquals("VirtualRouter", result.get("Dhcp").get(0));
+        assertEquals("VirtualRouter", result.get("Dns").get(0));
+    }
+
+    @Test
+    public void testCloneWithAllParameters() {
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "sourceOfferingId", 123L);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "networkOfferingName", "ClonedOffering");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "displayText", "Cloned Offering Display");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "availability", "Optional");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "guestIptype", "Isolated");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "traffictype", "GUEST");
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "conserveMode", true);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "specifyVlan", false);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "isPersistent", true);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "egressDefaultPolicy", false);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "networkRate", 200);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "serviceOfferingId", 456L);
+
+        assertEquals(Long.valueOf(123L), cloneNetworkOfferingCmd.getSourceOfferingId());
+        assertEquals("ClonedOffering", cloneNetworkOfferingCmd.getNetworkOfferingName());
+        assertEquals("Cloned Offering Display", cloneNetworkOfferingCmd.getDisplayText());
+        assertEquals("Optional", cloneNetworkOfferingCmd.getAvailability());
+        assertEquals("Isolated", cloneNetworkOfferingCmd.getGuestIpType());
+        assertEquals("GUEST", cloneNetworkOfferingCmd.getTraffictype());
+        assertEquals(Boolean.TRUE, cloneNetworkOfferingCmd.getConserveMode());
+        assertEquals(Boolean.FALSE, cloneNetworkOfferingCmd.getSpecifyVlan());
+        assertEquals(Boolean.TRUE, cloneNetworkOfferingCmd.getIsPersistent());
+        assertEquals(Boolean.FALSE, cloneNetworkOfferingCmd.getEgressDefaultPolicy());
+        assertEquals(Integer.valueOf(200), cloneNetworkOfferingCmd.getNetworkRate());
+        assertEquals(Long.valueOf(456L), cloneNetworkOfferingCmd.getServiceOfferingId());
+    }
+
+    @Test
+    public void testCloneWithAddAndDropServices() {
+        List<String> addServices = Arrays.asList("StaticNat", "PortForwarding");
+        List<String> dropServices = Arrays.asList("Vpn");
+
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "sourceOfferingId", 123L);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "addServices", addServices);
+        ReflectionTestUtils.setField(cloneNetworkOfferingCmd, "dropServices", dropServices);
+
+        assertEquals(addServices, cloneNetworkOfferingCmd.getAddServices());
+        assertEquals(dropServices, cloneNetworkOfferingCmd.getDropServices());
+    }
+}
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmdTest.java
new file mode 100644
index 000000000000..b4f7c55bd1fa
--- /dev/null
+++ b/api/src/test/java/org/apache/cloudstack/api/command/admin/offering/CloneServiceOfferingCmdTest.java
@@ -0,0 +1,669 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.offering;
+
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.offering.ServiceOffering;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ResponseGenerator;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.ServiceOfferingResponse;
+import org.apache.cloudstack.vm.lease.VMLeaseManager;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class CloneServiceOfferingCmdTest {
+
+    private CloneServiceOfferingCmd cloneServiceOfferingCmd;
+
+    @Mock
+    private com.cloud.configuration.ConfigurationService configService;
+
+    @Mock
+    private ResponseGenerator responseGenerator;
+
+    @Mock
+    private ServiceOffering mockServiceOffering;
+
+    @Mock
+    private ServiceOfferingResponse mockServiceOfferingResponse;
+
+    @Before
+    public void setUp() {
+        cloneServiceOfferingCmd = new CloneServiceOfferingCmd();
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "_configService", configService);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "_responseGenerator", responseGenerator);
+    }
+
+    @Test
+    public void testGetSourceOfferingId() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        assertEquals(sourceOfferingId, cloneServiceOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testGetServiceOfferingName() {
+        String name = "ClonedServiceOffering";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", name);
+        assertEquals(name, cloneServiceOfferingCmd.getServiceOfferingName());
+    }
+
+    @Test
+    public void testGetDisplayText() {
+        String displayText = "Cloned Service Offering Display Text";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "displayText", displayText);
+        assertEquals(displayText, cloneServiceOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetDisplayTextDefaultsToName() {
+        String name = "ClonedServiceOffering";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", name);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "displayText", null);
+        assertEquals(name, cloneServiceOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetCpu() {
+        Integer cpu = 4;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuNumber", cpu);
+        assertEquals(cpu, cloneServiceOfferingCmd.getCpuNumber());
+    }
+
+    @Test
+    public void testGetMemory() {
+        Integer memory = 8192;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "memory", memory);
+        assertEquals(memory, cloneServiceOfferingCmd.getMemory());
+    }
+
+    @Test
+    public void testGetCpuSpeed() {
+        Integer cpuSpeed = 2000;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuSpeed", cpuSpeed);
+        assertEquals(cpuSpeed, cloneServiceOfferingCmd.getCpuSpeed());
+    }
+
+    @Test
+    public void testGetOfferHa() {
+        Boolean offerHa = true;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "offerHa", offerHa);
+        assertEquals(offerHa, cloneServiceOfferingCmd.isOfferHa());
+    }
+
+    @Test
+    public void testGetLimitCpuUse() {
+        Boolean limitCpuUse = false;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "limitCpuUse", limitCpuUse);
+        assertEquals(limitCpuUse, cloneServiceOfferingCmd.isLimitCpuUse());
+    }
+
+    @Test
+    public void testGetVolatileVm() {
+        Boolean volatileVm = true;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "isVolatile", volatileVm);
+        assertEquals(volatileVm, cloneServiceOfferingCmd.isVolatileVm());
+    }
+
+    @Test
+    public void testGetStorageType() {
+        String storageType = "local";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "storageType", storageType);
+        assertEquals(storageType, cloneServiceOfferingCmd.getStorageType());
+    }
+
+    @Test
+    public void testGetTags() {
+        String tags = "ssd,premium,dedicated";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "tags", tags);
+        assertEquals(tags, cloneServiceOfferingCmd.getTags());
+    }
+
+    @Test
+    public void testGetHostTag() {
+        String hostTag = "gpu-enabled";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "hostTag", hostTag);
+        assertEquals(hostTag, cloneServiceOfferingCmd.getHostTag());
+    }
+
+    @Test
+    public void testGetNetworkRate() {
+        Integer networkRate = 1000;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "networkRate", networkRate);
+        assertEquals(networkRate, cloneServiceOfferingCmd.getNetworkRate());
+    }
+
+    @Test
+    public void testGetDeploymentPlanner() {
+        String deploymentPlanner = "UserDispersingPlanner";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "deploymentPlanner", deploymentPlanner);
+        assertEquals(deploymentPlanner, cloneServiceOfferingCmd.getDeploymentPlanner());
+    }
+
+    @Test
+    public void testGetDetails() {
+        Map<String, HashMap<String, String>> details = new HashMap<>();
+
+        HashMap<String, String> cpuOvercommit = new HashMap<>();
+        cpuOvercommit.put("key", "cpuOvercommitRatio");
+        cpuOvercommit.put("value", "2.0");
+
+        HashMap<String, String> memoryOvercommit = new HashMap<>();
+        memoryOvercommit.put("key", "memoryOvercommitRatio");
+        memoryOvercommit.put("value", "1.5");
+
+        details.put("0", cpuOvercommit);
+        details.put("1", memoryOvercommit);
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "details", details);
+
+        Map<String, String> result = cloneServiceOfferingCmd.getDetails();
+        assertNotNull(result);
+        assertEquals("2.0", result.get("cpuOvercommitRatio"));
+        assertEquals("1.5", result.get("memoryOvercommitRatio"));
+    }
+
+    @Test
+    public void testIsPurgeResources() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "purgeResources", true);
+        assertTrue(cloneServiceOfferingCmd.isPurgeResources());
+    }
+
+    @Test
+    public void testIsPurgeResourcesFalse() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "purgeResources", false);
+        assertFalse(cloneServiceOfferingCmd.isPurgeResources());
+    }
+
+    @Test
+    public void testIsPurgeResourcesDefaultFalse() {
+        assertFalse(cloneServiceOfferingCmd.isPurgeResources());
+    }
+
+    @Test
+    public void testGetLeaseDuration() {
+        Integer leaseDuration = 3600;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseDuration", leaseDuration);
+        assertEquals(leaseDuration, cloneServiceOfferingCmd.getLeaseDuration());
+    }
+
+    @Test
+    public void testGetLeaseExpiryAction() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseExpiryAction", "stop");
+        assertEquals(VMLeaseManager.ExpiryAction.STOP, cloneServiceOfferingCmd.getLeaseExpiryAction());
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseExpiryAction", "DESTROY");
+        assertEquals(VMLeaseManager.ExpiryAction.DESTROY, cloneServiceOfferingCmd.getLeaseExpiryAction());
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testGetLeaseExpiryActionInvalidValue() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseExpiryAction", "InvalidAction");
+        cloneServiceOfferingCmd.getLeaseExpiryAction();
+    }
+
+    @Test
+    public void testGetVgpuProfileId() {
+        Long vgpuProfileId = 10L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "vgpuProfileId", vgpuProfileId);
+        assertEquals(vgpuProfileId, cloneServiceOfferingCmd.getVgpuProfileId());
+    }
+
+    @Test
+    public void testGetGpuCount() {
+        Integer gpuCount = 2;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuCount", gpuCount);
+        assertEquals(gpuCount, cloneServiceOfferingCmd.getGpuCount());
+    }
+
+    @Test
+    public void testGetGpuDisplay() {
+        Boolean gpuDisplay = true;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuDisplay", gpuDisplay);
+        assertEquals(gpuDisplay, cloneServiceOfferingCmd.getGpuDisplay());
+    }
+
+    @Test
+    public void testExecuteSuccess() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteFailure() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(null);
+
+        try {
+            cloneServiceOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Failed to clone service offering", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteSuccessWithAllParameters() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", 555L);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", "ClonedOffering");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "displayText", "Test Display");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuNumber", 4);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "memory", 8192);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuSpeed", 2000);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithInvalidParameterException() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class)))
+            .thenThrow(new InvalidParameterValueException("Invalid source offering ID"));
+
+        try {
+            cloneServiceOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.PARAM_ERROR, e.getErrorCode());
+            assertEquals("Invalid source offering ID", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteWithCloudRuntimeException() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class)))
+            .thenThrow(new com.cloud.utils.exception.CloudRuntimeException("Runtime error during clone"));
+
+        try {
+            cloneServiceOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Runtime error during clone", e.getMessage());
+        }
+    }
+
+    @Test
+    public void testExecuteResponseNameIsSet() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        // Verify that response name would be set (actual verification would require accessing the response object's internal state)
+    }
+
+    @Test
+    public void testCloneWithAllParameters() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", 555L);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", "ClonedServiceOffering");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "displayText", "Cloned Service Offering");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuNumber", 4);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "memory", 8192);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuSpeed", 2000);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "offerHa", true);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "limitCpuUse", false);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "isVolatile", true);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "storageType", "local");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "tags", "premium");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "hostTag", "gpu-enabled");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "networkRate", 1000);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "deploymentPlanner", "UserDispersingPlanner");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "purgeResources", true);
+
+        assertEquals(Long.valueOf(555L), cloneServiceOfferingCmd.getSourceOfferingId());
+        assertEquals("ClonedServiceOffering", cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals("Cloned Service Offering", cloneServiceOfferingCmd.getDisplayText());
+        assertEquals(Integer.valueOf(4), cloneServiceOfferingCmd.getCpuNumber());
+        assertEquals(Integer.valueOf(8192), cloneServiceOfferingCmd.getMemory());
+        assertEquals(Integer.valueOf(2000), cloneServiceOfferingCmd.getCpuSpeed());
+        assertEquals(Boolean.TRUE, cloneServiceOfferingCmd.isOfferHa());
+        assertEquals(Boolean.FALSE, cloneServiceOfferingCmd.isLimitCpuUse());
+        assertEquals(Boolean.TRUE, cloneServiceOfferingCmd.isVolatileVm());
+        assertEquals("local", cloneServiceOfferingCmd.getStorageType());
+        assertEquals("premium", cloneServiceOfferingCmd.getTags());
+        assertEquals("gpu-enabled", cloneServiceOfferingCmd.getHostTag());
+        assertEquals(Integer.valueOf(1000), cloneServiceOfferingCmd.getNetworkRate());
+        assertEquals("UserDispersingPlanner", cloneServiceOfferingCmd.getDeploymentPlanner());
+        assertTrue(cloneServiceOfferingCmd.isPurgeResources());
+    }
+
+    @Test
+    public void testSourceOfferingIdNullByDefault() {
+        assertNull(cloneServiceOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testGetSystemVmType() {
+        String systemVmType = "domainrouter";
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "systemVmType", systemVmType);
+        assertEquals(systemVmType, cloneServiceOfferingCmd.getSystemVmType());
+    }
+
+    @Test
+    public void testGetBytesReadRate() {
+        Long bytesReadRate = 1000000L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "bytesReadRate", bytesReadRate);
+        assertEquals(bytesReadRate, cloneServiceOfferingCmd.getBytesReadRate());
+    }
+
+    @Test
+    public void testGetBytesWriteRate() {
+        Long bytesWriteRate = 1000000L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "bytesWriteRate", bytesWriteRate);
+        assertEquals(bytesWriteRate, cloneServiceOfferingCmd.getBytesWriteRate());
+    }
+
+    @Test
+    public void testGetIopsReadRate() {
+        Long iopsReadRate = 1000L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "iopsReadRate", iopsReadRate);
+        assertEquals(iopsReadRate, cloneServiceOfferingCmd.getIopsReadRate());
+    }
+
+    @Test
+    public void testGetIopsWriteRate() {
+        Long iopsWriteRate = 1000L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "iopsWriteRate", iopsWriteRate);
+        assertEquals(iopsWriteRate, cloneServiceOfferingCmd.getIopsWriteRate());
+    }
+
+    @Test
+    public void testCloneServiceOfferingWithGpuProfile() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", 555L);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", "GPU-Offering-Clone");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "vgpuProfileId", 10L);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuCount", 2);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuDisplay", true);
+
+        assertEquals(Long.valueOf(10L), cloneServiceOfferingCmd.getVgpuProfileId());
+        assertEquals(Integer.valueOf(2), cloneServiceOfferingCmd.getGpuCount());
+        assertTrue(cloneServiceOfferingCmd.getGpuDisplay());
+    }
+
+    @Test
+    public void testCloneServiceOfferingWithLease() {
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", 555L);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", "Lease-Offering-Clone");
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseDuration", 7200);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseExpiryAction", "destroy");
+
+        assertEquals(Integer.valueOf(7200), cloneServiceOfferingCmd.getLeaseDuration());
+        assertEquals(VMLeaseManager.ExpiryAction.DESTROY, cloneServiceOfferingCmd.getLeaseExpiryAction());
+    }
+
+    @Test
+    public void testExecuteWithOverriddenParameters() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        String newName = "ClonedOffering-Override";
+        String newDisplayText = "Overridden Display Text";
+        Integer newCpu = 8;
+        Integer newMemory = 16384;
+        Integer newCpuSpeed = 3000;
+        Boolean newOfferHa = true;
+        Boolean newLimitCpuUse = true;
+        String newStorageType = "shared";
+        String newTags = "premium,gpu";
+        String newHostTag = "compute-optimized";
+        Integer newNetworkRate = 2000;
+        String newDeploymentPlanner = "FirstFitPlanner";
+        Boolean newPurgeResources = true;
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "displayText", newDisplayText);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuNumber", newCpu);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "memory", newMemory);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuSpeed", newCpuSpeed);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "offerHa", newOfferHa);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "limitCpuUse", newLimitCpuUse);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "storageType", newStorageType);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "tags", newTags);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "hostTag", newHostTag);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "networkRate", newNetworkRate);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "deploymentPlanner", newDeploymentPlanner);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "purgeResources", newPurgeResources);
+
+        assertEquals(sourceOfferingId, cloneServiceOfferingCmd.getSourceOfferingId());
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals(newDisplayText, cloneServiceOfferingCmd.getDisplayText());
+        assertEquals(newCpu, cloneServiceOfferingCmd.getCpuNumber());
+        assertEquals(newMemory, cloneServiceOfferingCmd.getMemory());
+        assertEquals(newCpuSpeed, cloneServiceOfferingCmd.getCpuSpeed());
+        assertEquals(newOfferHa, cloneServiceOfferingCmd.isOfferHa());
+        assertEquals(newLimitCpuUse, cloneServiceOfferingCmd.isLimitCpuUse());
+        assertEquals(newStorageType, cloneServiceOfferingCmd.getStorageType());
+        assertEquals(newTags, cloneServiceOfferingCmd.getTags());
+        assertEquals(newHostTag, cloneServiceOfferingCmd.getHostTag());
+        assertEquals(newNetworkRate, cloneServiceOfferingCmd.getNetworkRate());
+        assertEquals(newDeploymentPlanner, cloneServiceOfferingCmd.getDeploymentPlanner());
+        assertTrue(cloneServiceOfferingCmd.isPurgeResources());
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithPartialOverrides() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        String newName = "PartialOverride";
+        Integer newCpu = 6;
+        Integer newMemory = 12288;
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "cpuNumber", newCpu);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "memory", newMemory);
+
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals(newCpu, cloneServiceOfferingCmd.getCpuNumber());
+        assertEquals(newMemory, cloneServiceOfferingCmd.getMemory());
+
+        assertNull(cloneServiceOfferingCmd.getCpuSpeed());
+        assertFalse(cloneServiceOfferingCmd.isOfferHa());
+        assertNull(cloneServiceOfferingCmd.getStorageType());
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithGpuOverrides() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        String newName = "GPU-Clone-Override";
+        Long vgpuProfileId = 15L;
+        Integer gpuCount = 4;
+        Boolean gpuDisplay = false;
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "vgpuProfileId", vgpuProfileId);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuCount", gpuCount);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "gpuDisplay", gpuDisplay);
+
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals(vgpuProfileId, cloneServiceOfferingCmd.getVgpuProfileId());
+        assertEquals(gpuCount, cloneServiceOfferingCmd.getGpuCount());
+        assertEquals(gpuDisplay, cloneServiceOfferingCmd.getGpuDisplay());
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithLeaseOverrides() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        String newName = "Lease-Clone-Override";
+        Integer leaseDuration = 14400; // 4 hours
+        String leaseExpiryAction = "stop";
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseDuration", leaseDuration);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "leaseExpiryAction", leaseExpiryAction);
+
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals(leaseDuration, cloneServiceOfferingCmd.getLeaseDuration());
+        assertEquals(VMLeaseManager.ExpiryAction.STOP, cloneServiceOfferingCmd.getLeaseExpiryAction());
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithStorageOverrides() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        String newName = "Storage-Clone-Override";
+        Long bytesReadRate = 2000000L;
+        Long bytesWriteRate = 1500000L;
+        Long iopsReadRate = 2000L;
+        Long iopsWriteRate = 1500L;
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "bytesReadRate", bytesReadRate);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "bytesWriteRate", bytesWriteRate);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "iopsReadRate", iopsReadRate);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "iopsWriteRate", iopsWriteRate);
+
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        assertEquals(bytesReadRate, cloneServiceOfferingCmd.getBytesReadRate());
+        assertEquals(bytesWriteRate, cloneServiceOfferingCmd.getBytesWriteRate());
+        assertEquals(iopsReadRate, cloneServiceOfferingCmd.getIopsReadRate());
+        assertEquals(iopsWriteRate, cloneServiceOfferingCmd.getIopsWriteRate());
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+
+    @Test
+    public void testExecuteWithDetailsOverride() {
+        Long sourceOfferingId = 555L;
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        String newName = "Details-Clone-Override";
+        Map<String, HashMap<String, String>> details = new HashMap<>();
+
+        HashMap<String, String> cpuOvercommit = new HashMap<>();
+        cpuOvercommit.put("key", "cpuOvercommitRatio");
+        cpuOvercommit.put("value", "3.0");
+
+        HashMap<String, String> memoryOvercommit = new HashMap<>();
+        memoryOvercommit.put("key", "memoryOvercommitRatio");
+        memoryOvercommit.put("value", "2.5");
+
+        HashMap<String, String> customDetail = new HashMap<>();
+        customDetail.put("key", "customParameter");
+        customDetail.put("value", "customValue");
+
+        details.put("0", cpuOvercommit);
+        details.put("1", memoryOvercommit);
+        details.put("2", customDetail);
+
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "serviceOfferingName", newName);
+        ReflectionTestUtils.setField(cloneServiceOfferingCmd, "details", details);
+
+        assertEquals(newName, cloneServiceOfferingCmd.getServiceOfferingName());
+        Map<String, String> result = cloneServiceOfferingCmd.getDetails();
+        assertNotNull(result);
+        assertEquals("3.0", result.get("cpuOvercommitRatio"));
+        assertEquals("2.5", result.get("memoryOvercommitRatio"));
+        assertEquals("customValue", result.get("customParameter"));
+
+        when(configService.cloneServiceOffering(any(CloneServiceOfferingCmd.class))).thenReturn(mockServiceOffering);
+        when(responseGenerator.createServiceOfferingResponse(mockServiceOffering)).thenReturn(mockServiceOfferingResponse);
+
+        cloneServiceOfferingCmd.execute();
+
+        assertNotNull(cloneServiceOfferingCmd.getResponseObject());
+        assertEquals(mockServiceOfferingResponse, cloneServiceOfferingCmd.getResponseObject());
+    }
+}
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/admin/vpc/CloneVpcOfferingCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/admin/vpc/CloneVpcOfferingCmdTest.java
new file mode 100644
index 000000000000..1e6d6c9e0969
--- /dev/null
+++ b/api/src/test/java/org/apache/cloudstack/api/command/admin/vpc/CloneVpcOfferingCmdTest.java
@@ -0,0 +1,299 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.vpc;
+
+import com.cloud.network.vpc.VpcOffering;
+import com.cloud.network.vpc.VpcProvisioningService;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.ResponseGenerator;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.VpcOfferingResponse;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class CloneVpcOfferingCmdTest {
+
+    private CloneVPCOfferingCmd cloneVpcOfferingCmd;
+
+    @Mock
+    private VpcProvisioningService vpcService;
+
+    @Mock
+    private ResponseGenerator responseGenerator;
+
+    @Mock
+    private VpcOffering mockVpcOffering;
+
+    @Mock
+    private VpcOfferingResponse mockVpcOfferingResponse;
+
+    @Before
+    public void setUp() {
+        cloneVpcOfferingCmd = new CloneVPCOfferingCmd();
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "_vpcProvSvc", vpcService);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "_responseGenerator", responseGenerator);
+    }
+
+    @Test
+    public void testGetSourceOfferingId() {
+        Long sourceOfferingId = 789L;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", sourceOfferingId);
+        assertEquals(sourceOfferingId, cloneVpcOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testGetName() {
+        String name = "ClonedVpcOffering";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "vpcOfferingName", name);
+        assertEquals(name, cloneVpcOfferingCmd.getVpcOfferingName());
+    }
+
+    @Test
+    public void testGetDisplayText() {
+        String displayText = "Cloned VPC Offering Display Text";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "displayText", displayText);
+        assertEquals(displayText, cloneVpcOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetDisplayTextDefaultsToName() {
+        String name = "ClonedVpcOffering";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "vpcOfferingName", name);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "displayText", null);
+        assertEquals(name, cloneVpcOfferingCmd.getDisplayText());
+    }
+
+    @Test
+    public void testGetServiceOfferingId() {
+        Long serviceOfferingId = 456L;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "serviceOfferingId", serviceOfferingId);
+        assertEquals(serviceOfferingId, cloneVpcOfferingCmd.getServiceOfferingId());
+    }
+
+    @Test
+    public void testGetInternetProtocol() {
+        String internetProtocol = "dualstack";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "internetProtocol", internetProtocol);
+        assertEquals(internetProtocol, cloneVpcOfferingCmd.getInternetProtocol());
+    }
+
+    @Test
+    public void testGetProvider() {
+        String provider = "NSX";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "provider", provider);
+        assertEquals(provider, cloneVpcOfferingCmd.getProvider());
+    }
+
+    @Test
+    public void testGetNetworkMode() {
+        String networkMode = "ROUTED";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "networkMode", networkMode);
+        assertEquals(networkMode, cloneVpcOfferingCmd.getNetworkMode());
+    }
+
+    @Test
+    public void testGetRoutingMode() {
+        String routingMode = "dynamic";
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "routingMode", routingMode);
+        assertEquals(routingMode, cloneVpcOfferingCmd.getRoutingMode());
+    }
+
+    @Test
+    public void testGetNsxSupportLb() {
+        Boolean nsxSupportLb = true;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "nsxSupportsLbService", nsxSupportLb);
+        assertEquals(nsxSupportLb, cloneVpcOfferingCmd.getNsxSupportsLbService());
+    }
+
+    @Test
+    public void testGetSpecifyAsnumber() {
+        Boolean specifyAsnumber = false;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "specifyAsNumber", specifyAsnumber);
+        assertEquals(specifyAsnumber, cloneVpcOfferingCmd.getSpecifyAsNumber());
+    }
+
+    @Test
+    public void testExecuteSuccess() {
+        Long sourceOfferingId = 789L;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(vpcService.cloneVPCOffering(any(CloneVPCOfferingCmd.class))).thenReturn(mockVpcOffering);
+        when(responseGenerator.createVpcOfferingResponse(mockVpcOffering)).thenReturn(mockVpcOfferingResponse);
+
+        cloneVpcOfferingCmd.execute();
+
+        assertNotNull(cloneVpcOfferingCmd.getResponseObject());
+        assertEquals(mockVpcOfferingResponse, cloneVpcOfferingCmd.getResponseObject());
+    }
+
+    @Test(expected = ServerApiException.class)
+    public void testExecuteFailure() {
+        Long sourceOfferingId = 789L;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", sourceOfferingId);
+
+        when(vpcService.cloneVPCOffering(any(CloneVPCOfferingCmd.class))).thenReturn(null);
+
+        try {
+            cloneVpcOfferingCmd.execute();
+            fail("Expected ServerApiException to be thrown");
+        } catch (ServerApiException e) {
+            assertEquals(ApiErrorCode.INTERNAL_ERROR, e.getErrorCode());
+            assertEquals("Failed to clone VPC offering", e.getMessage());
+            throw e;
+        }
+    }
+
+    @Test
+    public void testGetSupportedServices() {
+        List<String> supportedServices = Arrays.asList("Dhcp", "Dns", "SourceNat", "NetworkACL");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "supportedServices", supportedServices);
+        assertEquals(supportedServices, cloneVpcOfferingCmd.getSupportedServices());
+    }
+
+    @Test
+    public void testGetServiceProviders() {
+        Map<String, HashMap<String, String>> serviceProviderList = new HashMap<>();
+
+        HashMap<String, String> dhcpProvider = new HashMap<>();
+        dhcpProvider.put("service", "Dhcp");
+        dhcpProvider.put("provider", "VpcVirtualRouter");
+
+        HashMap<String, String> dnsProvider = new HashMap<>();
+        dnsProvider.put("service", "Dns");
+        dnsProvider.put("provider", "VpcVirtualRouter");
+
+        HashMap<String, String> aclProvider = new HashMap<>();
+        aclProvider.put("service", "NetworkACL");
+        aclProvider.put("provider", "VpcVirtualRouter");
+
+        serviceProviderList.put("0", dhcpProvider);
+        serviceProviderList.put("1", dnsProvider);
+        serviceProviderList.put("2", aclProvider);
+
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "serviceProviderList", serviceProviderList);
+
+        Map<String, List<String>> result = cloneVpcOfferingCmd.getServiceProviders();
+        assertNotNull(result);
+        assertEquals(3, result.size());
+        assertNotNull(result.get("Dhcp"));
+        assertNotNull(result.get("Dns"));
+        assertNotNull(result.get("NetworkACL"));
+        assertEquals("VpcVirtualRouter", result.get("Dhcp").get(0));
+        assertEquals("VpcVirtualRouter", result.get("Dns").get(0));
+        assertEquals("VpcVirtualRouter", result.get("NetworkACL").get(0));
+    }
+
+    @Test
+    public void testGetEnable() {
+        Boolean enable = true;
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "enable", enable);
+        assertEquals(enable, cloneVpcOfferingCmd.getEnable());
+    }
+
+    @Test
+    public void testCloneWithAllParameters() {
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", 789L);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "vpcOfferingName", "ClonedVpcOffering");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "displayText", "Cloned VPC Offering");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "serviceOfferingId", 456L);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "internetProtocol", "ipv4");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "provider", "NSX");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "networkMode", "NATTED");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "routingMode", "static");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "nsxSupportsLbService", true);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "specifyAsNumber", false);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "enable", true);
+
+        assertEquals(Long.valueOf(789L), cloneVpcOfferingCmd.getSourceOfferingId());
+        assertEquals("ClonedVpcOffering", cloneVpcOfferingCmd.getVpcOfferingName());
+        assertEquals("Cloned VPC Offering", cloneVpcOfferingCmd.getDisplayText());
+        assertEquals(Long.valueOf(456L), cloneVpcOfferingCmd.getServiceOfferingId());
+        assertEquals("ipv4", cloneVpcOfferingCmd.getInternetProtocol());
+        assertEquals("NSX", cloneVpcOfferingCmd.getProvider());
+        assertEquals("NATTED", cloneVpcOfferingCmd.getNetworkMode());
+        assertEquals("static", cloneVpcOfferingCmd.getRoutingMode());
+        assertEquals(Boolean.TRUE, cloneVpcOfferingCmd.getNsxSupportsLbService());
+        assertEquals(Boolean.FALSE, cloneVpcOfferingCmd.getSpecifyAsNumber());
+        assertEquals(Boolean.TRUE, cloneVpcOfferingCmd.getEnable());
+    }
+
+    @Test
+    public void testSourceOfferingIdNullByDefault() {
+        assertNull(cloneVpcOfferingCmd.getSourceOfferingId());
+    }
+
+    @Test
+    public void testProviderNullByDefault() {
+        assertNull(cloneVpcOfferingCmd.getProvider());
+    }
+
+    @Test
+    public void testServiceCapabilityList() {
+        Map<String, List<String>> serviceCapabilityList = new HashMap<>();
+        serviceCapabilityList.put("Connectivity", Arrays.asList("RegionLevelVpc:true", "DistributedRouter:true"));
+        serviceCapabilityList.put("SourceNat", Arrays.asList("RedundantRouter:true"));
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "serviceCapabilityList", serviceCapabilityList);
+
+        Map<String, List<String>> result = cloneVpcOfferingCmd.getServiceCapabilityList();
+        assertNotNull(result);
+        assertEquals(serviceCapabilityList, result);
+    }
+
+    @Test
+    public void testCloneVpcOfferingWithNsxProvider() {
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", 789L);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "provider", "NSX");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "nsxSupportsLbService", true);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "networkMode", "ROUTED");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "routingMode", "dynamic");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "specifyAsNumber", true);
+
+        assertEquals("NSX", cloneVpcOfferingCmd.getProvider());
+        assertEquals(Boolean.TRUE, cloneVpcOfferingCmd.getNsxSupportsLbService());
+        assertEquals("ROUTED", cloneVpcOfferingCmd.getNetworkMode());
+        assertEquals("dynamic", cloneVpcOfferingCmd.getRoutingMode());
+        assertEquals(Boolean.TRUE, cloneVpcOfferingCmd.getSpecifyAsNumber());
+    }
+
+    @Test
+    public void testCloneVpcOfferingWithNetrisProvider() {
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "sourceOfferingId", 789L);
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "provider", "Netris");
+        ReflectionTestUtils.setField(cloneVpcOfferingCmd, "networkMode", "NATTED");
+
+        assertEquals("Netris", cloneVpcOfferingCmd.getProvider());
+        assertEquals("NATTED", cloneVpcOfferingCmd.getNetworkMode());
+    }
+}
diff --git a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
index b1cad20b19ec..454cb10a2f2b 100644
--- a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
@@ -288,4 +288,6 @@ List<IPAddressVO> listAvailablePublicIps(final long dcId,
     PublicIpQuarantine updatePublicIpAddressInQuarantine(Long quarantineProcessId, Date endDate);
 
     void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception;
+
+    Long getPreferredNetworkIdForPublicIpRuleAssignment(IpAddress ip, Long networkId);
 }
diff --git a/engine/components-api/src/main/java/com/cloud/network/lb/LoadBalancingRulesManager.java b/engine/components-api/src/main/java/com/cloud/network/lb/LoadBalancingRulesManager.java
index 669456cbdcc2..d8011e9ade12 100644
--- a/engine/components-api/src/main/java/com/cloud/network/lb/LoadBalancingRulesManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/lb/LoadBalancingRulesManager.java
@@ -39,7 +39,7 @@
 public interface LoadBalancingRulesManager {
 
     LoadBalancer createPublicLoadBalancer(String xId, String name, String description, int srcPort, int destPort, long sourceIpId, String protocol, String algorithm,
-        boolean openFirewall, CallContext caller, String lbProtocol, Boolean forDisplay, String cidrList) throws NetworkRuleConflictException;
+        boolean openFirewall, CallContext caller, String lbProtocol, Boolean forDisplay, String cidrList, Long networkId) throws NetworkRuleConflictException;
 
     boolean removeAllLoadBalanacersForIp(long ipId, Account caller, long callerUserId);
 
diff --git a/engine/components-api/src/main/java/com/cloud/network/vpc/VpcManager.java b/engine/components-api/src/main/java/com/cloud/network/vpc/VpcManager.java
index e7f41d079a74..792a3a6b397f 100644
--- a/engine/components-api/src/main/java/com/cloud/network/vpc/VpcManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/vpc/VpcManager.java
@@ -211,4 +211,9 @@ public interface VpcManager {
     void reconfigStaticNatForVpcVr(Long vpcId);
 
     boolean applyStaticRouteForVpcVpnIfNeeded(Long vpcId, boolean updateAllVpn) throws ResourceUnavailableException;
+
+    /**
+     * Returns true if the network is part of a VPC, and the VPC is created from conserve mode enabled VPC offering
+     */
+    boolean isNetworkOnVpcEnabledConserveMode(Network network);
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
index 9320a37bc96e..b913468384e4 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
@@ -91,6 +91,9 @@ public class VpcOfferingVO implements VpcOffering {
     @Column(name = "specify_as_number")
     private Boolean specifyAsNumber = false;
 
+    @Column(name = "conserve_mode")
+    private boolean conserveMode;
+
     public VpcOfferingVO() {
         this.uuid = UUID.randomUUID().toString();
     }
@@ -242,4 +245,13 @@ public Boolean isSpecifyAsNumber() {
     public void setSpecifyAsNumber(Boolean specifyAsNumber) {
         this.specifyAsNumber = specifyAsNumber;
     }
+
+    @Override
+    public boolean isConserveMode() {
+        return conserveMode;
+    }
+
+    public void setConserveMode(boolean conserveMode) {
+        this.conserveMode = conserveMode;
+    }
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql b/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
index 7923ef89ffde..d69b524b85d9 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
@@ -34,6 +34,19 @@ CREATE TABLE `cloud`.`backup_offering_details` (
 UPDATE `cloud`.`configuration` SET value='random' WHERE name IN ('vm.allocation.algorithm', 'volume.allocation.algorithm') AND value='userconcentratedpod_random';
 UPDATE `cloud`.`configuration` SET value='firstfit' WHERE name IN ('vm.allocation.algorithm', 'volume.allocation.algorithm') AND value='userconcentratedpod_firstfit';
 
+-- Create kubernetes_cluster_affinity_group_map table for CKS per-node-type affinity groups
+CREATE TABLE IF NOT EXISTS `cloud`.`kubernetes_cluster_affinity_group_map` (
+    `id` bigint unsigned NOT NULL AUTO_INCREMENT,
+    `cluster_id` bigint unsigned NOT NULL COMMENT 'kubernetes cluster id',
+    `node_type` varchar(32) NOT NULL COMMENT 'CONTROL, WORKER, or ETCD',
+    `affinity_group_id` bigint unsigned NOT NULL COMMENT 'affinity group id',
+    PRIMARY KEY (`id`),
+    CONSTRAINT `fk_kubernetes_cluster_ag_map__cluster_id` FOREIGN KEY (`cluster_id`) REFERENCES `kubernetes_cluster`(`id`) ON DELETE CASCADE,
+    CONSTRAINT `fk_kubernetes_cluster_ag_map__ag_id` FOREIGN KEY (`affinity_group_id`) REFERENCES `affinity_group`(`id`) ON DELETE CASCADE,
+    INDEX `i_kubernetes_cluster_ag_map__cluster_id`(`cluster_id`),
+    INDEX `i_kubernetes_cluster_ag_map__ag_id`(`affinity_group_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 -- Create webhook_filter table
 DROP TABLE IF EXISTS `cloud`.`webhook_filter`;
 CREATE TABLE IF NOT EXISTS `cloud`.`webhook_filter` (
@@ -98,3 +111,6 @@ ALTER TABLE `cloud`.`user` DROP COLUMN api_key, DROP COLUMN secret_key;
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('User', 'deleteUserKeys', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Domain Admin', 'deleteUserKeys', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Resource Admin', 'deleteUserKeys', 'ALLOW');
+
+-- Add conserve mode for VPC offerings
+CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vpc_offerings','conserve_mode', 'tinyint(1) unsigned NULL DEFAULT 0 COMMENT ''True if the VPC offering is IP conserve mode enabled, allowing public IP services to be used across multiple VPC tiers'' ');
diff --git a/engine/schema/src/main/resources/META-INF/db/views/cloud.vpc_offering_view.sql b/engine/schema/src/main/resources/META-INF/db/views/cloud.vpc_offering_view.sql
index 751d8f91a259..3669bb10122b 100644
--- a/engine/schema/src/main/resources/META-INF/db/views/cloud.vpc_offering_view.sql
+++ b/engine/schema/src/main/resources/META-INF/db/views/cloud.vpc_offering_view.sql
@@ -38,6 +38,7 @@ select
     `vpc_offerings`.`sort_key` AS `sort_key`,
     `vpc_offerings`.`routing_mode` AS `routing_mode`,
     `vpc_offerings`.`specify_as_number` AS `specify_as_number`,
+    `vpc_offerings`.`conserve_mode` AS `conserve_mode`,
     group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
     group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
     group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVO.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVO.java
new file mode 100644
index 000000000000..19babc86690d
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVO.java
@@ -0,0 +1,83 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import org.apache.cloudstack.api.InternalIdentity;
+
+@Entity
+@Table(name = "kubernetes_cluster_affinity_group_map")
+public class KubernetesClusterAffinityGroupMapVO implements InternalIdentity {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    @Column(name = "cluster_id")
+    private long clusterId;
+
+    @Column(name = "node_type")
+    private String nodeType;
+
+    @Column(name = "affinity_group_id")
+    private long affinityGroupId;
+
+    public KubernetesClusterAffinityGroupMapVO() {
+    }
+
+    public KubernetesClusterAffinityGroupMapVO(long clusterId, String nodeType, long affinityGroupId) {
+        this.clusterId = clusterId;
+        this.nodeType = nodeType;
+        this.affinityGroupId = affinityGroupId;
+    }
+
+    @Override
+    public long getId() {
+        return id;
+    }
+
+    public long getClusterId() {
+        return clusterId;
+    }
+
+    public void setClusterId(long clusterId) {
+        this.clusterId = clusterId;
+    }
+
+    public String getNodeType() {
+        return nodeType;
+    }
+
+    public void setNodeType(String nodeType) {
+        this.nodeType = nodeType;
+    }
+
+    public long getAffinityGroupId() {
+        return affinityGroupId;
+    }
+
+    public void setAffinityGroupId(long affinityGroupId) {
+        this.affinityGroupId = affinityGroupId;
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
index 486a093e4ad4..d11a0fc3dea5 100755
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java
@@ -25,4 +25,5 @@ public class KubernetesClusterEventTypes {
     public static final String EVENT_KUBERNETES_CLUSTER_UPGRADE = "KUBERNETES.CLUSTER.UPGRADE";
     public static final String EVENT_KUBERNETES_CLUSTER_NODES_ADD = "KUBERNETES.CLUSTER.NODES.ADD";
     public static final String EVENT_KUBERNETES_CLUSTER_NODES_REMOVE = "KUBERNETES.CLUSTER.NODES.REMOVE";
+    public static final String EVENT_KUBERNETES_CLUSTER_AFFINITY_UPDATE = "KUBERNETES.CLUSTER.AFFINITY.UPDATE";
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index f3ee6bd56b22..fea20eb124fc 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -58,7 +58,9 @@
 import org.apache.cloudstack.acl.Rule;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.AffinityProcessorBase;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -87,6 +89,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StartKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StopKubernetesClusterCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpdateKubernetesClusterAffinityGroupCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpgradeKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLoadBalancerRuleCmd;
@@ -170,6 +173,7 @@
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterStartWorker;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterStopWorker;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterUpgradeWorker;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterAffinityGroupMapDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDetailsDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
@@ -316,6 +320,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     public KubernetesClusterDetailsDao kubernetesClusterDetailsDao;
     @Inject
+    public KubernetesClusterAffinityGroupMapDao kubernetesClusterAffinityGroupMapDao;
+    @Inject
     public KubernetesSupportedVersionDao kubernetesSupportedVersionDao;
     @Inject
     protected SSHKeyPairDao sshKeyPairDao;
@@ -330,6 +336,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected AffinityGroupDao affinityGroupDao;
     @Inject
+    protected AffinityGroupVMMapDao affinityGroupVMMapDao;
+    @Inject
     protected ServiceOfferingDao serviceOfferingDao;
     @Inject
     protected UserDataDao userDataDao;
@@ -699,8 +707,8 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
             } else if (Objects.nonNull(domainId)) {
                 dedicatedHosts = dedicatedResourceDao.listByDomainId(domainId);
             }
-            for (DedicatedResourceVO dedicatedHost : dedicatedHosts) {
-                hosts.add(hostDao.findById(dedicatedHost.getHostId()));
+            for (DedicatedResourceVO dedicatedResource : dedicatedHosts) {
+                hosts.addAll(getHostsForDedicatedResource(dedicatedResource, zone));
                 useDedicatedHosts = true;
             }
         }
@@ -768,6 +776,23 @@ private DeployDestination plan(final long nodesCount, final DataCenter zone, fin
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
+    public List<HostVO> getHostsForDedicatedResource(DedicatedResourceVO dedicatedResource, DataCenter zone) {
+        if (dedicatedResource.getHostId() != null) {
+            HostVO host = hostDao.findById(dedicatedResource.getHostId());
+            return host != null ? List.of(host) : Collections.emptyList();
+        }
+        if (dedicatedResource.getClusterId() != null) {
+            return hostDao.findByClusterId(dedicatedResource.getClusterId());
+        }
+        if (dedicatedResource.getPodId() != null) {
+            return hostDao.findByPodId(dedicatedResource.getPodId(), Host.Type.Routing);
+        }
+        if (dedicatedResource.getDataCenterId() != null) {
+            return resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, dedicatedResource.getDataCenterId());
+        }
+        return Collections.emptyList();
+    }
+
     protected void setNodeTypeServiceOfferingResponse(KubernetesClusterResponse response,
                                                       KubernetesClusterNodeType nodeType,
                                                       Long offeringId) {
@@ -859,24 +884,38 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
 
         List<KubernetesUserVmResponse> vmResponses = new ArrayList<>();
         List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
-        ResponseView respView = ResponseView.Restricted;
+        ResponseView userVmResponseView = ResponseView.Restricted;
         Account caller = CallContext.current().getCallingAccount();
         if (accountService.isRootAdmin(caller.getId())) {
-            respView = ResponseView.Full;
+            userVmResponseView = ResponseView.Full;
         }
         final String responseName = "virtualmachine";
         if (vmList != null && !vmList.isEmpty()) {
-            for (KubernetesClusterVmMapVO vmMapVO : vmList) {
-                UserVmJoinVO userVM = userVmJoinDao.findById(vmMapVO.getVmId());
-                if (userVM != null) {
-                    UserVmResponse vmResponse = ApiDBUtils.newUserVmResponse(respView, responseName, userVM,
-                        EnumSet.of(VMDetails.nics), caller);
+            Map<Long, KubernetesClusterVmMapVO> vmMapById = vmList.stream()
+                    .collect(Collectors.toMap(KubernetesClusterVmMapVO::getVmId, vm -> vm));
+            Long[] vmIds = vmMapById.keySet().toArray(new Long[0]);
+            List<UserVmJoinVO> userVmJoinVOs = userVmJoinDao.searchByIds(vmIds);
+            if (userVmJoinVOs != null && !userVmJoinVOs.isEmpty()) {
+                Map<Long, UserVmResponse> vmResponseMap = new HashMap<>();
+                for (UserVmJoinVO userVM : userVmJoinVOs) {
+                    Long vmId = userVM.getId();
+                    UserVmResponse vmResponse = vmResponseMap.get(vmId);
+                    if (vmResponse == null) {
+                        vmResponse = ApiDBUtils.newUserVmResponse(userVmResponseView, responseName, userVM,
+                                EnumSet.of(VMDetails.nics, VMDetails.affgrp), caller);
+                        vmResponseMap.put(vmId, vmResponse);
+                    } else {
+                        ApiDBUtils.fillVmDetails(userVmResponseView, vmResponse, userVM);
+                    }
+                }
+                for (Map.Entry<Long, UserVmResponse> vmIdResponseEntry : vmResponseMap.entrySet()) {
                     KubernetesUserVmResponse kubernetesUserVmResponse = new KubernetesUserVmResponse();
                     try {
-                        BeanUtils.copyProperties(kubernetesUserVmResponse, vmResponse);
+                        BeanUtils.copyProperties(kubernetesUserVmResponse, vmIdResponseEntry.getValue());
                     } catch (IllegalAccessException | InvocationTargetException e) {
                         throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to generate zone metrics response");
                     }
+                    KubernetesClusterVmMapVO vmMapVO = vmMapById.get(vmIdResponseEntry.getKey());
                     kubernetesUserVmResponse.setExternalNode(vmMapVO.isExternalNode());
                     kubernetesUserVmResponse.setEtcdNode(vmMapVO.isEtcdNode());
                     kubernetesUserVmResponse.setNodeVersion(vmMapVO.getNodeVersion());
@@ -906,10 +945,45 @@ public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetes
         response.setClusterType(kubernetesCluster.getClusterType());
         response.setCsiEnabled(kubernetesCluster.isCsiEnabled());
         response.setCreated(kubernetesCluster.getCreated());
+        setNodeTypeAffinityGroupResponse(response, kubernetesCluster.getId());
 
         return response;
     }
 
+    protected void setNodeTypeAffinityGroupResponse(KubernetesClusterResponse response, long clusterId) {
+        setAffinityGroupResponseForNodeType(response, clusterId, CONTROL.name());
+        setAffinityGroupResponseForNodeType(response, clusterId, WORKER.name());
+        setAffinityGroupResponseForNodeType(response, clusterId, ETCD.name());
+    }
+
+    protected void setAffinityGroupResponseForNodeType(KubernetesClusterResponse response, long clusterId, String nodeType) {
+        List<Long> affinityGroupIds = kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, nodeType);
+        if (CollectionUtils.isEmpty(affinityGroupIds)) {
+            return;
+        }
+        List<String> affinityGroupUuids = new ArrayList<>();
+        List<String> affinityGroupNames = new ArrayList<>();
+        for (Long affinityGroupId : affinityGroupIds) {
+            AffinityGroupVO affinityGroup = affinityGroupDao.findById(affinityGroupId);
+            if (affinityGroup != null) {
+                affinityGroupUuids.add(affinityGroup.getUuid());
+                affinityGroupNames.add(affinityGroup.getName());
+            }
+        }
+        String affinityGroupUuidsCsv = String.join(",", affinityGroupUuids);
+        String affinityGroupNamesCsv = String.join(",", affinityGroupNames);
+        if (CONTROL.name().equals(nodeType)) {
+            response.setControlAffinityGroupIds(affinityGroupUuidsCsv);
+            response.setControlAffinityGroupNames(affinityGroupNamesCsv);
+        } else if (WORKER.name().equals(nodeType)) {
+            response.setWorkerAffinityGroupIds(affinityGroupUuidsCsv);
+            response.setWorkerAffinityGroupNames(affinityGroupNamesCsv);
+        } else if (ETCD.name().equals(nodeType)) {
+            response.setEtcdAffinityGroupIds(affinityGroupUuidsCsv);
+            response.setEtcdAffinityGroupNames(affinityGroupNamesCsv);
+        }
+    }
+
     private DataCenter validateAndGetZoneForKubernetesCreateParameters(Long zoneId, Long networkId) {
         DataCenter zone = dataCenterDao.findById(zoneId);
         if (zone == null) {
@@ -1191,6 +1265,20 @@ private Network getKubernetesClusterNetworkIfMissing(final String clusterName, f
         return network;
     }
 
+    private void persistAffinityGroupMappings(long clusterId, Map<String, List<Long>> affinityGroupNodeTypeMap) {
+        if (MapUtils.isEmpty(affinityGroupNodeTypeMap)) {
+            return;
+        }
+        for (Map.Entry<String, List<Long>> nodeTypeAffinityGroupEntry : affinityGroupNodeTypeMap.entrySet()) {
+            String nodeType = nodeTypeAffinityGroupEntry.getKey();
+            List<Long> affinityGroupIds = nodeTypeAffinityGroupEntry.getValue();
+            for (Long affinityGroupId : affinityGroupIds) {
+                kubernetesClusterAffinityGroupMapDao.persist(
+                    new KubernetesClusterAffinityGroupMapVO(clusterId, nodeType, affinityGroupId));
+            }
+        }
+    }
+
     private void addKubernetesClusterDetails(final KubernetesCluster kubernetesCluster, final Network network, final CreateKubernetesClusterCmd cmd) {
         final String externalLoadBalancerIpAddress = cmd.getExternalLoadBalancerIpAddress();
         final String dockerRegistryUserName = cmd.getDockerRegistryUserName();
@@ -1630,6 +1718,7 @@ public KubernetesCluster createManagedKubernetesCluster(CreateKubernetesClusterC
         }
 
         Map<String, Long> templateNodeTypeMap = cmd.getTemplateNodeTypeMap();
+        Map<String, List<Long>> affinityGroupNodeTypeMap = cmd.getAffinityGroupNodeTypeMap();
         final VMTemplateVO finalTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, DEFAULT, clusterKubernetesVersion);
         final VMTemplateVO controlNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, CONTROL, clusterKubernetesVersion);
         final VMTemplateVO workerNodeTemplate = getKubernetesServiceTemplate(zone, hypervisorType, templateNodeTypeMap, WORKER, clusterKubernetesVersion);
@@ -1675,6 +1764,7 @@ public KubernetesClusterVO doInTransaction(TransactionStatus status) {
                 }
                 newCluster.setCsiEnabled(cmd.getEnableCsi());
                 kubernetesClusterDao.persist(newCluster);
+                persistAffinityGroupMappings(newCluster.getId(), affinityGroupNodeTypeMap);
                 addKubernetesClusterDetails(newCluster, defaultNetwork, cmd);
                 return newCluster;
             }
@@ -2231,6 +2321,94 @@ public boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws
         return upgradeWorker.upgradeCluster();
     }
 
+    @Override
+    @ActionEvent(eventType = KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_AFFINITY_UPDATE,
+            eventDescription = "updating Kubernetes cluster affinity groups")
+    public boolean updateKubernetesClusterAffinityGroups(UpdateKubernetesClusterAffinityGroupCmd cmd) throws CloudRuntimeException {
+        if (!KubernetesServiceEnabled.value()) {
+            logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
+        }
+        KubernetesClusterVO kubernetesCluster = validateClusterForAffinityGroupUpdate(cmd.getId());
+        Map<String, List<Long>> affinityGroupNodeTypeMap = cmd.getAffinityGroupNodeTypeMap();
+        validateNodeAffinityGroups(affinityGroupNodeTypeMap, kubernetesCluster.getAccountId());
+
+        final Long clusterId = kubernetesCluster.getId();
+        Transaction.execute(new TransactionCallbackNoReturn() {
+            @Override
+            public void doInTransactionWithoutResult(TransactionStatus status) {
+                kubernetesClusterAffinityGroupMapDao.removeByClusterId(clusterId);
+                persistAffinityGroupMappings(clusterId, affinityGroupNodeTypeMap);
+                syncVmAffinityGroups(clusterId, affinityGroupNodeTypeMap);
+            }
+        });
+        logger.info("Updated affinity groups for Kubernetes cluster {}", kubernetesCluster.getName());
+        return true;
+    }
+
+    private KubernetesClusterVO validateClusterForAffinityGroupUpdate(Long clusterId) {
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(clusterId);
+        if (Objects.isNull(kubernetesCluster) || Objects.nonNull(kubernetesCluster.getRemoved())) {
+            throw new InvalidParameterValueException("Invalid Kubernetes cluster ID");
+        }
+        if (!KubernetesCluster.ClusterType.CloudManaged.equals(kubernetesCluster.getClusterType())) {
+            throw new InvalidParameterValueException("Affinity groups can only be updated for CloudManaged Kubernetes clusters");
+        }
+        if (!KubernetesCluster.State.Stopped.equals(kubernetesCluster.getState())) {
+            throw new InvalidParameterValueException(String.format(
+                    "Kubernetes cluster %s must be stopped before updating affinity groups (current state: %s)",
+                    kubernetesCluster.getName(), kubernetesCluster.getState()));
+        }
+        accountManager.checkAccess(CallContext.current().getCallingAccount(),
+                SecurityChecker.AccessType.OperateEntry, false, kubernetesCluster);
+        return kubernetesCluster;
+    }
+
+    private void validateNodeAffinityGroups(Map<String, List<Long>> affinityGroupNodeTypeMap, long ownerAccountId) {
+        if (MapUtils.isEmpty(affinityGroupNodeTypeMap)) {
+            return;
+        }
+        Account owner = accountDao.findById(ownerAccountId);
+        for (List<Long> affinityGroupIds : affinityGroupNodeTypeMap.values()) {
+            for (Long affinityGroupId : affinityGroupIds) {
+                AffinityGroupVO affinityGroup = affinityGroupDao.findById(affinityGroupId);
+                if (Objects.isNull(affinityGroup)) {
+                    throw new InvalidParameterValueException("Unable to find affinity group with ID: " + affinityGroupId);
+                }
+                if (affinityGroup.getAccountId() != owner.getAccountId()) {
+                    throw new InvalidParameterValueException(String.format(
+                            "Affinity group %s does not belong to the cluster owner account %s",
+                            affinityGroup.getName(), owner.getAccountName()));
+                }
+            }
+        }
+    }
+
+    private void syncVmAffinityGroups(Long clusterId, Map<String, List<Long>> affinityGroupNodeTypeMap) {
+        List<KubernetesClusterVmMapVO> clusterVmMappings = kubernetesClusterVmMapDao.listByClusterId(clusterId);
+        if (CollectionUtils.isEmpty(clusterVmMappings)) {
+            return;
+        }
+        Map<String, List<Long>> nodeTypeAffinityMap = MapUtils.isEmpty(affinityGroupNodeTypeMap)
+                ? Collections.emptyMap() : affinityGroupNodeTypeMap;
+        for (KubernetesClusterVmMapVO clusterVmMapping : clusterVmMappings) {
+            if (clusterVmMapping.isExternalNode()) {
+                continue;
+            }
+            String nodeType = getNodeType(clusterVmMapping);
+            affinityGroupVMMapDao.updateMap(clusterVmMapping.getVmId(),
+                    nodeTypeAffinityMap.getOrDefault(nodeType, Collections.emptyList()));
+        }
+    }
+
+    private String getNodeType(KubernetesClusterVmMapVO clusterVmMapping) {
+        if (clusterVmMapping.isControlNode()) {
+            return CONTROL.name();
+        } else if (clusterVmMapping.isEtcdNode()) {
+            return ETCD.name();
+        }
+        return WORKER.name();
+    }
+
     private void updateNodeCount(KubernetesClusterVO kubernetesCluster) {
         List<KubernetesClusterVmMapVO> nodeList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
         kubernetesCluster.setControlNodeCount(nodeList.stream().filter(KubernetesClusterVmMapVO::isControlNode).count());
@@ -2292,6 +2470,7 @@ public boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd) {
         if (validNodeIds.isEmpty()) {
             throw new CloudRuntimeException("No valid nodes found to be added to the Kubernetes cluster");
         }
+        validateNodeAffinityGroups(validNodeIds, kubernetesCluster);
         KubernetesClusterAddWorker addWorker = new KubernetesClusterAddWorker(kubernetesCluster, KubernetesClusterManagerImpl.this);
         addWorker = ComponentContext.inject(addWorker);
         return addWorker.addNodesToCluster(validNodeIds, cmd.isMountCksIsoOnVr(), cmd.isManualUpgrade());
@@ -2351,6 +2530,98 @@ private List<Long> validateNodes(List<Long> nodeIds, Long networkId, String netw
         return validNodeIds;
     }
 
+    protected void validateNodeAffinityGroups(List<Long> nodeIds, KubernetesCluster cluster) {
+        List<Long> workerAffinityGroupIds = kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(
+                cluster.getId(), WORKER.name());
+        if (CollectionUtils.isEmpty(workerAffinityGroupIds)) {
+            return;
+        }
+
+        Set<Long> existingWorkerHostIds = getExistingWorkerHostIds(cluster);
+
+        for (Long affinityGroupId : workerAffinityGroupIds) {
+            AffinityGroupVO affinityGroup = affinityGroupDao.findById(affinityGroupId);
+            if (affinityGroup == null) {
+                continue;
+            }
+
+            validateNodesAgainstExistingWorkers(nodeIds, existingWorkerHostIds, affinityGroup, cluster);
+            validateNewNodesAntiAffinity(nodeIds, affinityGroup, cluster);
+        }
+    }
+
+    protected Set<Long> getExistingWorkerHostIds(KubernetesCluster cluster) {
+        List<KubernetesClusterVmMapVO> existingWorkerVms = kubernetesClusterVmMapDao.listByClusterIdAndVmType(cluster.getId(), WORKER);
+        Set<Long> existingWorkerHostIds = new HashSet<>();
+        for (KubernetesClusterVmMapVO workerVmMap : existingWorkerVms) {
+            VMInstanceVO workerVm = vmInstanceDao.findById(workerVmMap.getVmId());
+            if (workerVm != null && workerVm.getHostId() != null) {
+                existingWorkerHostIds.add(workerVm.getHostId());
+            }
+        }
+        return existingWorkerHostIds;
+    }
+
+    protected void validateNodesAgainstExistingWorkers(List<Long> nodeIds, Set<Long> existingWorkerHostIds,
+                                                       AffinityGroupVO affinityGroup, KubernetesCluster cluster) {
+        for (Long nodeId : nodeIds) {
+            VMInstanceVO node = vmInstanceDao.findById(nodeId);
+            if (node == null || node.getHostId() == null) {
+                continue;
+            }
+            Long nodeHostId = node.getHostId();
+            String nodeHostName = getHostName(nodeHostId);
+
+            if (AffinityProcessorBase.AFFINITY_TYPE_HOST_ANTI.equals(affinityGroup.getType())) {
+                if (existingWorkerHostIds.contains(nodeHostId)) {
+                    throw new InvalidParameterValueException(String.format(
+                            "Cannot add VM %s to cluster %s. VM is running on host %s which violates the cluster's " +
+                            "host anti-affinity rule (affinity group: %s). Existing worker VMs are already running on this host.",
+                            node.getInstanceName(), cluster.getName(), nodeHostName, affinityGroup.getName()));
+                }
+            } else if (AffinityProcessorBase.AFFINITY_TYPE_HOST.equals(affinityGroup.getType())) {
+                if (!existingWorkerHostIds.isEmpty() && !existingWorkerHostIds.contains(nodeHostId)) {
+                    List<String> existingHostNames = existingWorkerHostIds.stream()
+                            .map(this::getHostName)
+                            .collect(Collectors.toList());
+                    throw new InvalidParameterValueException(String.format(
+                            "Cannot add VM %s to cluster %s. VM is running on host %s which violates the cluster's " +
+                            "host affinity rule (affinity group: %s). All worker VMs must run on the same host. " +
+                            "Existing workers are on host(s): %s.",
+                            node.getInstanceName(), cluster.getName(), nodeHostName, affinityGroup.getName(),
+                            String.join(", ", existingHostNames)));
+                }
+            }
+        }
+    }
+
+    protected void validateNewNodesAntiAffinity(List<Long> nodeIds, AffinityGroupVO affinityGroup, KubernetesCluster cluster) {
+        if (!AffinityProcessorBase.AFFINITY_TYPE_HOST_ANTI.equals(affinityGroup.getType())) {
+            return;
+        }
+
+        Set<Long> newNodeHostIds = new HashSet<>();
+        for (Long nodeId : nodeIds) {
+            VMInstanceVO node = vmInstanceDao.findById(nodeId);
+            if (node != null && node.getHostId() != null) {
+                Long nodeHostId = node.getHostId();
+                if (newNodeHostIds.contains(nodeHostId)) {
+                    String nodeHostName = getHostName(nodeHostId);
+                    throw new InvalidParameterValueException(String.format(
+                            "Cannot add VM %s to cluster %s. Multiple VMs being added are running on the same host %s, " +
+                            "which violates the cluster's host anti-affinity rule (affinity group: %s).",
+                            node.getInstanceName(), cluster.getName(), nodeHostName, affinityGroup.getName()));
+                }
+                newNodeHostIds.add(nodeHostId);
+            }
+        }
+    }
+
+    protected String getHostName(Long hostId) {
+        HostVO host = hostDao.findById(hostId);
+        return host != null ? host.getName() : String.valueOf(hostId);
+    }
+
     @Override
     public List<RemoveVirtualMachinesFromKubernetesClusterResponse> removeVmsFromCluster(RemoveVirtualMachinesFromKubernetesClusterCmd cmd) {
         if (!KubernetesServiceEnabled.value()) {
@@ -2487,6 +2758,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(RemoveVirtualMachinesFromKubernetesClusterCmd.class);
         cmdList.add(AddNodesToKubernetesClusterCmd.class);
         cmdList.add(RemoveNodesFromKubernetesClusterCmd.class);
+        cmdList.add(UpdateKubernetesClusterAffinityGroupCmd.class);
         return cmdList;
     }
 
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
index 6bdb4265e019..1d19127dc54a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java
@@ -32,6 +32,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StartKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StopKubernetesClusterCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpdateKubernetesClusterAffinityGroupCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpgradeKubernetesClusterCmd;
 import org.apache.cloudstack.api.response.KubernetesClusterConfigResponse;
 import org.apache.cloudstack.api.response.KubernetesClusterResponse;
@@ -171,6 +172,8 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
+    boolean updateKubernetesClusterAffinityGroups(UpdateKubernetesClusterAffinityGroupCmd cmd) throws CloudRuntimeException;
+
     boolean addVmsToCluster(AddVirtualMachinesToKubernetesClusterCmd cmd);
 
     boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
index 30465c99780d..9faeb56aea4e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java
@@ -18,12 +18,16 @@
 
 import java.lang.reflect.Field;
 import java.lang.reflect.Modifier;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
 import javax.inject.Inject;
 
+import org.apache.cloudstack.affinity.AffinityGroup;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.service.dao.ServiceOfferingDao;
@@ -66,6 +70,8 @@ public class KubernetesServiceHelperImpl extends AdapterBase implements Kubernet
     @Inject
     protected VMTemplateDao vmTemplateDao;
     @Inject
+    protected AffinityGroupDao affinityGroupDao;
+    @Inject
     KubernetesClusterService kubernetesClusterService;
 
     protected void setEventTypeEntityDetails(Class<?> eventTypeDefinedClass, Class<?> entityClass) {
@@ -123,6 +129,27 @@ public void checkVmCanBeDestroyed(UserVm userVm) {
         throw new CloudRuntimeException(msg);
     }
 
+    @Override
+    public void checkVmAffinityGroupsCanBeUpdated(UserVm userVm) {
+        if (!UserVmManager.CKS_NODE.equals(userVm.getUserVmType())) {
+            return;
+        }
+        KubernetesClusterVmMapVO clusterVmMapping = kubernetesClusterVmMapDao.findByVmId(userVm.getId());
+        if (Objects.isNull(clusterVmMapping)) {
+            return;
+        }
+        KubernetesCluster kubernetesCluster = kubernetesClusterDao.findById(clusterVmMapping.getClusterId());
+        String errorMessage = "Affinity groups cannot be updated for a VM part of Kubernetes cluster";
+        if (Objects.nonNull(kubernetesCluster)) {
+            if (KubernetesCluster.ClusterType.ExternalManaged.equals(kubernetesCluster.getClusterType())) {
+                return;
+            }
+            errorMessage += String.format(": %s", kubernetesCluster.getName());
+        }
+        errorMessage += ". Please use the cluster's Change Affinity option instead.";
+        throw new CloudRuntimeException(errorMessage);
+    }
+
     @Override
     public boolean isValidNodeType(String nodeType) {
         if (StringUtils.isBlank(nodeType)) {
@@ -244,6 +271,81 @@ public Map<String, Long> getTemplateNodeTypeMap(Map<String, Map<String, String>>
         return mapping;
     }
 
+    protected void checkNodeTypeAffinityGroupEntryCompleteness(String nodeType, String affinityGroupUuids) {
+        if (StringUtils.isAnyBlank(nodeType, affinityGroupUuids)) {
+            String error = String.format("Any Node Type to Affinity Group entry should have valid '%s' and '%s' values",
+                    VmDetailConstants.CKS_NODE_TYPE, VmDetailConstants.AFFINITY_GROUP);
+            logger.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected void checkNodeTypeAffinityGroupEntryNodeType(String nodeType) {
+        if (!isValidNodeType(nodeType)) {
+            String error = String.format("The provided value '%s' for Node Type is invalid", nodeType);
+            logger.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+    }
+
+    protected Long validateAffinityGroupUuidAndGetId(String affinityGroupUuid) {
+        if (StringUtils.isBlank(affinityGroupUuid)) {
+            String error = "Empty affinity group UUID provided";
+            logger.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+        AffinityGroup affinityGroup = affinityGroupDao.findByUuid(affinityGroupUuid);
+        if (affinityGroup == null) {
+            String error = String.format("Cannot find an affinity group with ID %s", affinityGroupUuid);
+            logger.error(error);
+            throw new InvalidParameterValueException(error);
+        }
+        return affinityGroup.getId();
+    }
+
+    protected List<Long> validateAndGetAffinityGroupIds(String affinityGroupUuids) {
+        String[] uuids = affinityGroupUuids.split(",");
+        List<Long> affinityGroupIds = new ArrayList<>();
+        for (String uuid : uuids) {
+            String trimmedUuid = uuid.trim();
+            Long affinityGroupId = validateAffinityGroupUuidAndGetId(trimmedUuid);
+            affinityGroupIds.add(affinityGroupId);
+        }
+        return affinityGroupIds;
+    }
+
+    protected void addNodeTypeAffinityGroupEntry(String nodeType, List<Long> affinityGroupIds, Map<String, List<Long>> nodeTypeToAffinityGroupIds) {
+        if (logger.isDebugEnabled()) {
+            logger.debug(String.format("Node Type: '%s' should use affinity group IDs: '%s'", nodeType, affinityGroupIds));
+        }
+        KubernetesClusterNodeType clusterNodeType = KubernetesClusterNodeType.valueOf(nodeType.toUpperCase());
+        nodeTypeToAffinityGroupIds.put(clusterNodeType.name(), affinityGroupIds);
+    }
+
+    protected void processNodeTypeAffinityGroupEntryAndAddToMappingIfValid(Map<String, String> nodeTypeAffinityConfig, Map<String, List<Long>> nodeTypeToAffinityGroupIds) {
+        if (MapUtils.isEmpty(nodeTypeAffinityConfig)) {
+            return;
+        }
+        String nodeType = nodeTypeAffinityConfig.get(VmDetailConstants.CKS_NODE_TYPE);
+        String affinityGroupUuids = nodeTypeAffinityConfig.get(VmDetailConstants.AFFINITY_GROUP);
+        checkNodeTypeAffinityGroupEntryCompleteness(nodeType, affinityGroupUuids);
+        checkNodeTypeAffinityGroupEntryNodeType(nodeType);
+
+        List<Long> affinityGroupIds = validateAndGetAffinityGroupIds(affinityGroupUuids);
+        addNodeTypeAffinityGroupEntry(nodeType, affinityGroupIds, nodeTypeToAffinityGroupIds);
+    }
+
+    @Override
+    public Map<String, List<Long>> getAffinityGroupNodeTypeMap(Map<String, Map<String, String>> affinityGroupNodeTypeMap) {
+        Map<String, List<Long>> nodeTypeToAffinityGroupIds = new HashMap<>();
+        if (MapUtils.isNotEmpty(affinityGroupNodeTypeMap)) {
+            for (Map<String, String> nodeTypeAffinityConfig : affinityGroupNodeTypeMap.values()) {
+                processNodeTypeAffinityGroupEntryAndAddToMappingIfValid(nodeTypeAffinityConfig, nodeTypeToAffinityGroupIds);
+            }
+        }
+        return nodeTypeToAffinityGroupIds;
+    }
+
     public void cleanupForAccount(Account account) {
         kubernetesClusterService.cleanupForAccount(account);
     }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
index 1d4b6e8d0a84..4fcf6fa7686d 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java
@@ -28,9 +28,11 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
 
@@ -63,7 +65,9 @@
 import com.cloud.vm.dao.NicDao;
 import com.cloud.vm.UserVmManager;
 import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.AffinityProcessorBase;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
@@ -90,6 +94,7 @@
 import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
 import com.cloud.kubernetes.cluster.KubernetesClusterVO;
 import com.cloud.kubernetes.cluster.KubernetesClusterVmMapVO;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterAffinityGroupMapDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDetailsDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
@@ -124,10 +129,12 @@
 import com.cloud.utils.fsm.StateMachine2;
 import com.cloud.utils.ssh.SshHelper;
 import com.cloud.vm.VMInstanceDetailVO;
+import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.UserVmService;
 import com.cloud.vm.UserVmVO;
 import com.cloud.vm.VmDetailConstants;
 import com.cloud.vm.dao.UserVmDao;
+import com.cloud.vm.dao.VMInstanceDao;
 import com.cloud.vm.dao.VMInstanceDetailsDao;
 
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
@@ -213,10 +220,15 @@ public class KubernetesClusterActionWorker {
     private NicDao nicDao;
     @Inject
     protected AffinityGroupDao affinityGroupDao;
+    @Inject
+    protected AffinityGroupVMMapDao affinityGroupVMMapDao;
+    @Inject
+    protected VMInstanceDao vmInstanceDao;
 
     protected KubernetesClusterDao kubernetesClusterDao;
     protected KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
     protected KubernetesClusterDetailsDao kubernetesClusterDetailsDao;
+    protected KubernetesClusterAffinityGroupMapDao kubernetesClusterAffinityGroupMapDao;
     protected KubernetesSupportedVersionDao kubernetesSupportedVersionDao;
 
     protected KubernetesCluster kubernetesCluster;
@@ -251,6 +263,7 @@ protected KubernetesClusterActionWorker(final KubernetesCluster kubernetesCluste
         this.kubernetesClusterDao = clusterManager.kubernetesClusterDao;
         this.kubernetesClusterDetailsDao = clusterManager.kubernetesClusterDetailsDao;
         this.kubernetesClusterVmMapDao = clusterManager.kubernetesClusterVmMapDao;
+        this.kubernetesClusterAffinityGroupMapDao = clusterManager.kubernetesClusterAffinityGroupMapDao;
         this.kubernetesSupportedVersionDao = clusterManager.kubernetesSupportedVersionDao;
         this.manager = clusterManager;
     }
@@ -1112,4 +1125,76 @@ public Long getExplicitAffinityGroup(Long domainId, Long accountId) {
         }
         return null;
     }
+
+    protected List<Long> getAffinityGroupIdsForNodeType(KubernetesClusterNodeType nodeType) {
+        List<Long> affinityGroupIds = kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(
+            kubernetesCluster.getId(), nodeType.name());
+        if (CollectionUtils.isEmpty(affinityGroupIds)) {
+            return new ArrayList<>();
+        }
+        return new ArrayList<>(affinityGroupIds);
+    }
+
+    protected List<Long> getMergedAffinityGroupIds(KubernetesClusterNodeType nodeType, Long domainId, Long accountId) {
+        List<Long> affinityGroupIds = getAffinityGroupIdsForNodeType(nodeType);
+        Long explicitAffinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        if (explicitAffinityGroupId != null && !affinityGroupIds.contains(explicitAffinityGroupId)) {
+            affinityGroupIds.add(explicitAffinityGroupId);
+        }
+        return affinityGroupIds.isEmpty() ? null : affinityGroupIds;
+    }
+
+    private Set<Long> getRunningVmHostIds(Long affinityGroupId) {
+        return affinityGroupVMMapDao.listVmIdsByAffinityGroup(affinityGroupId).stream()
+                .map(vmInstanceDao::findById)
+                .filter(vm -> Objects.nonNull(vm) && Objects.nonNull(vm.getHostId()) && VirtualMachine.State.Running.equals(vm.getState()))
+                .map(VMInstanceVO::getHostId)
+                .collect(Collectors.toSet());
+    }
+
+    protected AffinityConstraints resolveAffinityConstraints(KubernetesClusterNodeType nodeType, Long domainId, Long accountId) {
+        Set<Long> antiAffinityOccupiedHosts = new HashSet<>();
+        Long requiredHostId = null;
+        boolean hasHostAntiAffinity = false;
+        boolean hasHostAffinity = false;
+
+        if (Objects.nonNull(nodeType)) {
+            List<Long> affinityGroupIds = getMergedAffinityGroupIds(nodeType, domainId, accountId);
+            if (CollectionUtils.isNotEmpty(affinityGroupIds)) {
+            for (Long affinityGroupId : affinityGroupIds) {
+                AffinityGroupVO affinityGroup = affinityGroupDao.findById(affinityGroupId);
+                if (Objects.isNull(affinityGroup)) {
+                    continue;
+                }
+                if (AffinityProcessorBase.AFFINITY_TYPE_HOST_ANTI.equals(affinityGroup.getType())) {
+                    hasHostAntiAffinity = true;
+                    antiAffinityOccupiedHosts.addAll(getRunningVmHostIds(affinityGroupId));
+                } else if (AffinityProcessorBase.AFFINITY_TYPE_HOST.equals(affinityGroup.getType())) {
+                    hasHostAffinity = true;
+                    Set<Long> hostIds = getRunningVmHostIds(affinityGroupId);
+                    if (CollectionUtils.isNotEmpty(hostIds)) {
+                        requiredHostId = hostIds.iterator().next();
+                    }
+                }
+            }
+            }
+        }
+
+        return new AffinityConstraints(hasHostAntiAffinity, hasHostAffinity, antiAffinityOccupiedHosts, requiredHostId);
+    }
+
+    protected static class AffinityConstraints {
+        final boolean hasHostAntiAffinity;
+        final boolean hasHostAffinity;
+        final Set<Long> antiAffinityOccupiedHosts;
+        final Long requiredHostId;
+
+        AffinityConstraints(boolean hasHostAntiAffinity, boolean hasHostAffinity,
+                            Set<Long> antiAffinityOccupiedHosts, Long requiredHostId) {
+            this.hasHostAntiAffinity = hasHostAntiAffinity;
+            this.hasHostAffinity = hasHostAffinity;
+            this.antiAffinityOccupiedHosts = antiAffinityOccupiedHosts;
+            this.requiredHostId = requiredHostId;
+        }
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
index 62bd8b4576a4..dc886117b22e 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterDestroyWorker.java
@@ -348,6 +348,7 @@ public boolean destroy() throws CloudRuntimeException {
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
         annotationDao.removeByEntityType(AnnotationService.EntityType.KUBERNETES_CLUSTER.name(), kubernetesCluster.getUuid());
         kubernetesClusterDetailsDao.removeDetails(kubernetesCluster.getId());
+        kubernetesClusterAffinityGroupMapDao.removeByClusterId(kubernetesCluster.getId());
         boolean deleted = kubernetesClusterDao.remove(kubernetesCluster.getId());
         if (!deleted) {
             logMessage(Level.WARN, String.format("Failed to delete Kubernetes cluster: %s", kubernetesCluster), null);
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
index cf69234d19e0..1ed75f14dfb1 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java
@@ -26,7 +26,6 @@
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -116,7 +115,6 @@
 import com.cloud.vm.UserVmManager;
 import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.VmDetailConstants;
-import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.logging.log4j.Level;
@@ -152,8 +150,6 @@ public class KubernetesClusterResourceModifierActionWorker extends KubernetesClu
     @Inject
     protected LoadBalancerDao loadBalancerDao;
     @Inject
-    protected VMInstanceDao vmInstanceDao;
-    @Inject
     protected UserVmManager userVmManager;
     @Inject
     protected LaunchPermissionDao launchPermissionDao;
@@ -177,8 +173,33 @@ protected void init() {
         kubernetesClusterNodeNamePrefix = getKubernetesClusterNodeNamePrefix();
     }
 
+    protected List<HostVO> filterHostsByAffinityConstraints(List<HostVO> hosts, AffinityConstraints constraints, DataCenter zone)
+            throws InsufficientServerCapacityException {
+        if (constraints.hasHostAffinity && Objects.nonNull(constraints.requiredHostId)) {
+            hosts = hosts.stream().filter(host -> host.getId() == constraints.requiredHostId.longValue()).collect(Collectors.toList());
+            if (CollectionUtils.isEmpty(hosts)) {
+                String msg = String.format("Cannot find capacity for Kubernetes cluster: host affinity requires all VMs on host %d but it is not available in zone %s",
+                        constraints.requiredHostId, zone.getName());
+                throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
+            }
+        }
+
+        if (constraints.hasHostAntiAffinity) {
+            hosts = hosts.stream().filter(host -> !constraints.antiAffinityOccupiedHosts.contains(host.getId())).collect(Collectors.toList());
+            if (CollectionUtils.isEmpty(hosts)) {
+                String msg = String.format("Cannot find capacity for Kubernetes cluster: host anti-affinity requires each VM on a separate host, " +
+                        "but all %d available hosts in zone %s are already occupied by existing cluster VMs",
+                        constraints.antiAffinityOccupiedHosts.size(), zone.getName());
+                throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
+            }
+        }
+
+        return hosts;
+    }
+
     protected DeployDestination plan(final long nodesCount, final DataCenter zone, final ServiceOffering offering,
-                                     final Long domainId, final Long accountId, final Hypervisor.HypervisorType hypervisorType, CPU.CPUArch arch) throws InsufficientServerCapacityException {
+                                     final Long domainId, final Long accountId, final Hypervisor.HypervisorType hypervisorType,
+                                     CPU.CPUArch arch, KubernetesClusterNodeType nodeType) throws InsufficientServerCapacityException {
         final int cpu_requested = offering.getCpu() * offering.getSpeed();
         final long ram_requested = offering.getRamSize() * 1024L * 1024L;
         boolean useDedicatedHosts = false;
@@ -191,26 +212,30 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
             } else if (Objects.nonNull(domainId)) {
                 dedicatedHosts = dedicatedResourceDao.listByDomainId(domainId);
             }
-            for (DedicatedResourceVO dedicatedHost : dedicatedHosts) {
-                hosts.add(hostDao.findById(dedicatedHost.getHostId()));
+            for (DedicatedResourceVO dedicatedResource : dedicatedHosts) {
+                hosts.addAll(manager.getHostsForDedicatedResource(dedicatedResource, zone));
                 useDedicatedHosts = true;
             }
         }
         if (hosts.isEmpty()) {
             hosts = resourceManager.listAllHostsInOneZoneByType(Host.Type.Routing, zone.getId());
         }
-        if (hypervisorType != null) {
+        if (Objects.nonNull(hypervisorType)) {
             hosts = hosts.stream().filter(x -> x.getHypervisorType() == hypervisorType).collect(Collectors.toList());
         }
-        if (arch != null) {
+        if (Objects.nonNull(arch)) {
             hosts = hosts.stream().filter(x -> x.getArch().equals(arch)).collect(Collectors.toList());
         }
         if (CollectionUtils.isEmpty(hosts)) {
             String msg = String.format("Cannot find enough capacity for Kubernetes cluster(requested cpu=%d memory=%s) with offering: %s hypervisor: %s and arch: %s",
-                    cpu_requested * nodesCount, toHumanReadableSize(ram_requested * nodesCount), offering.getName(), clusterTemplate.getHypervisorType().toString(), arch.getType());
+                    cpu_requested * nodesCount, toHumanReadableSize(ram_requested * nodesCount), offering.getName(), clusterTemplate.getHypervisorType().toString(),
+                    Objects.nonNull(arch) ? arch.getType() : "null");
             logAndThrow(Level.WARN, msg, new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId()));
         }
 
+        AffinityConstraints affinityConstraints = resolveAffinityConstraints(nodeType, domainId, accountId);
+        hosts = filterHostsByAffinityConstraints(hosts, affinityConstraints, zone);
+
         final Map<String, Pair<HostVO, Integer>> hosts_with_resevered_capacity = new ConcurrentHashMap<String, Pair<HostVO, Integer>>();
         for (HostVO h : hosts) {
             hosts_with_resevered_capacity.put(h.getUuid(), new Pair<HostVO, Integer>(h, 0));
@@ -230,6 +255,9 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
                     continue;
                 }
                 int reserved = hp.second();
+                if (affinityConstraints.hasHostAntiAffinity && reserved > 0) {
+                    continue;
+                }
                 reserved++;
                 ClusterVO cluster = clusterDao.findById(h.getClusterId());
                 ClusterDetailsVO cluster_detail_cpu = clusterDetailsDao.findDetail(cluster.getId(), "cpuOvercommitRatio");
@@ -264,10 +292,17 @@ protected DeployDestination plan(final long nodesCount, final DataCenter zone, f
             }
             return new DeployDestination(zone, null, null, null);
         }
-        String msg = String.format("Cannot find enough capacity for Kubernetes cluster(requested cpu=%d memory=%s) with offering: %s hypervisor: %s and arch: %s",
-                cpu_requested * nodesCount, toHumanReadableSize(ram_requested * nodesCount), offering.getName(), clusterTemplate.getHypervisorType().toString(), arch.getType());
-
-        logger.warn(msg);
+        String msg;
+        if (affinityConstraints.hasHostAntiAffinity) {
+            msg = String.format("Cannot find enough capacity for Kubernetes cluster (requested cpu=%d memory=%s) with offering: %s. " +
+                    "Host anti-affinity requires %d separate hosts but not enough suitable hosts are available in zone %s",
+                    cpu_requested * nodesCount, toHumanReadableSize(ram_requested * nodesCount), offering.getName(),
+                    nodesCount, zone.getName());
+        } else {
+            msg = String.format("Cannot find enough capacity for Kubernetes cluster(requested cpu=%d memory=%s) with offering: %s hypervisor: %s and arch: %s",
+                    cpu_requested * nodesCount, toHumanReadableSize(ram_requested * nodesCount), offering.getName(), clusterTemplate.getHypervisorType().toString(),
+                    Objects.nonNull(arch) ? arch.getType() : "null");
+        }
         throw new InsufficientServerCapacityException(msg, DataCenter.class, zone.getId());
     }
 
@@ -296,7 +331,7 @@ protected Map<String, DeployDestination> planKubernetesCluster(Long domainId, Lo
             if (logger.isDebugEnabled()) {
                 logger.debug("Checking deployment destination for {} nodes on Kubernetes cluster : {} in zone : {}", nodeType.name(), kubernetesCluster.getName(), zone.getName());
             }
-            DeployDestination planForNodeType = plan(nodes, zone, nodeOffering, domainId, accountId, hypervisorType, arch);
+            DeployDestination planForNodeType = plan(nodes, zone, nodeOffering, domainId, accountId, hypervisorType, arch, nodeType);
             destinationMap.put(nodeType.name(), planForNodeType);
         }
         return destinationMap;
@@ -426,21 +461,19 @@ protected UserVm createKubernetesNode(String joinIp, Long domainId, Long account
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
-        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        List<Long> affinityGroupIds = getMergedAffinityGroupIds(WORKER, domainId, accountId);
         if (kubernetesCluster.getSecurityGroupId() != null && networkModel.checkSecurityGroupSupportForNetwork(owner, zone, networkIds, List.of(kubernetesCluster.getSecurityGroupId()))) {
             List<Long> securityGroupIds = new ArrayList<>();
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             nodeVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
+                    null, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE, null, null);
         } else {
             nodeVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, workerNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
+                    null, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
         }
         if (logger.isInfoEnabled()) {
             logger.info("Created node VM : {}, {} in the Kubernetes cluster : {}", hostName, nodeVm, kubernetesCluster.getName());
@@ -660,7 +693,7 @@ protected void provisionLoadBalancerRule(final IpAddress publicIp, final Network
             ips.add(controlVmNic.getIPv4Address());
             vmIdIpMap.put(clusterVMIds.get(i), ips);
         }
-        lbService.assignToLoadBalancer(lb.getId(), null, vmIdIpMap, false);
+        lbService.assignToLoadBalancer(lb.getId(), null, vmIdIpMap, null, false);
     }
 
     protected Map<Long, Integer> createFirewallRules(IpAddress publicIp, List<Long> clusterVMIds, boolean apiRule) throws ManagementServerException {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
index 6d22a1a3a03d..c623426b137a 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java
@@ -24,10 +24,10 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 
-import javax.inject.Inject;
-
 import com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType;
 import com.cloud.service.ServiceOfferingVO;
 import com.cloud.storage.VMTemplateVO;
@@ -63,7 +63,6 @@
 import com.cloud.vm.UserVmVO;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.VirtualMachine;
-import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.logging.log4j.Level;
 
 import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
@@ -73,9 +72,6 @@
 
 public class KubernetesClusterScaleWorker extends KubernetesClusterResourceModifierActionWorker {
 
-    @Inject
-    protected VMInstanceDao vmInstanceDao;
-
     private Map<String, ServiceOffering> serviceOfferingNodeTypeMap;
     private Long clusterSize;
     private List<Long> nodeIds;
@@ -325,7 +321,7 @@ private void validateKubernetesClusterScaleOfferingParameters() throws CloudRunt
         }
     }
 
-    private void validateKubernetesClusterScaleSizeParameters() throws CloudRuntimeException {
+    private void validateKubernetesClusterScaleSizeParameters(KubernetesClusterNodeType nodeType) throws CloudRuntimeException {
         final long originalClusterSize = kubernetesCluster.getNodeCount();
         if (network == null) {
             logTransitStateToFailedIfNeededAndThrow(Level.WARN, String.format("Scaling failed for Kubernetes cluster : %s, cluster network not found", kubernetesCluster.getName()));
@@ -341,12 +337,12 @@ private void validateKubernetesClusterScaleSizeParameters() throws CloudRuntimeE
             VMTemplateVO clusterTemplate = templateDao.findById(kubernetesCluster.getTemplateId());
             try {
                 if (originalState.equals(KubernetesCluster.State.Running)) {
-                    plan(newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType(), clusterTemplate.getArch());
+                    plan(newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType(), clusterTemplate.getArch(), nodeType);
                 } else {
-                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType(), clusterTemplate.getArch());
+                    plan(kubernetesCluster.getTotalNodeCount() + newVmRequiredCount, zone, clusterServiceOffering, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId(), clusterTemplate.getHypervisorType(), clusterTemplate.getArch(), nodeType);
                 }
             } catch (InsufficientCapacityException e) {
-                logTransitStateToFailedIfNeededAndThrow(Level.WARN, String.format("Scaling failed for Kubernetes cluster : %s in zone : %s, insufficient capacity", kubernetesCluster.getName(), zone.getName()));
+                logTransitStateToFailedIfNeededAndThrow(Level.WARN, String.format("Scaling failed for Kubernetes cluster : %s in zone : %s, insufficient capacity: %s", kubernetesCluster.getName(), zone.getName(), e.getMessage()));
             }
         }
         List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
@@ -465,10 +461,38 @@ public List<KubernetesClusterVmMapVO> getWorkerNodesToRemove() {
         return new ArrayList<>(workerVMsMap.subList(startIndex, totalWorkerNodes));
     }
 
+    private void cleanupNewlyCreatedVms(Set<Long> originalVmIds) {
+        List<KubernetesClusterVmMapVO> currentVmMaps = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
+        for (KubernetesClusterVmMapVO clusterVmMap : currentVmMaps) {
+            if (originalVmIds.contains(clusterVmMap.getVmId())) {
+                continue;
+            }
+            UserVmVO userVM = userVmDao.findById(clusterVmMap.getVmId());
+            if (Objects.isNull(userVM)) {
+                kubernetesClusterVmMapDao.expunge(clusterVmMap.getId());
+                continue;
+            }
+            logger.warn("Cleaning up VM {} created during failed scale-up of Kubernetes cluster {}", userVM, kubernetesCluster);
+            CallContext vmContext = CallContext.register(CallContext.current(), ApiCommandResourceType.VirtualMachine);
+            vmContext.setEventResourceId(userVM.getId());
+            try {
+                userVmService.destroyVm(userVM.getId(), true);
+                userVmManager.expunge(userVM);
+            } catch (Exception e) {
+                logger.warn("Failed to cleanup VM {} during scale-up rollback for Kubernetes cluster {}", userVM, kubernetesCluster, e);
+            } finally {
+                CallContext.unregister();
+            }
+            kubernetesClusterVmMapDao.expunge(clusterVmMap.getId());
+        }
+    }
+
     private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRuntimeException {
         if (!kubernetesCluster.getState().equals(KubernetesCluster.State.Scaling)) {
             stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.ScaleUpRequested);
         }
+        Set<Long> originalVmIds = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId())
+                .stream().map(KubernetesClusterVmMapVO::getVmId).collect(Collectors.toSet());
         List<UserVm> clusterVMs = new ArrayList<>();
         if (isDefaultTemplateUsed()) {
             LaunchPermissionVO launchPermission = new LaunchPermissionVO(clusterTemplate.getId(), owner.getId());
@@ -478,6 +502,7 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
             clusterVMs = provisionKubernetesClusterNodeVms((int)(newVmCount + kubernetesCluster.getNodeCount()), (int)kubernetesCluster.getNodeCount(), publicIpAddress, kubernetesCluster.getDomainId(), kubernetesCluster.getAccountId());
             updateLoginUserDetails(clusterVMs.stream().map(InternalIdentity::getId).collect(Collectors.toList()));
         } catch (CloudRuntimeException | ManagementServerException | ResourceUnavailableException | InsufficientCapacityException e) {
+            cleanupNewlyCreatedVms(originalVmIds);
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to provision node VM in the cluster", kubernetesCluster.getName()), e);
         }
         try {
@@ -486,6 +511,7 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
             clusterVMIds.addAll(externalNodeIds);
             scaleKubernetesClusterNetworkRules(clusterVMIds);
         } catch (ManagementServerException e) {
+            cleanupNewlyCreatedVms(originalVmIds);
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling failed for Kubernetes cluster : %s, unable to update network rules", kubernetesCluster.getName()), e);
         }
         attachIsoKubernetesVMs(clusterVMs);
@@ -496,12 +522,13 @@ private void scaleUpKubernetesClusterSize(final long newVmCount) throws CloudRun
         detachIsoKubernetesVMs(clusterVMs);
         deleteTemplateLaunchPermission();
         if (!readyNodesCountValid) { // Scaling failed
+            cleanupNewlyCreatedVms(originalVmIds);
             logTransitStateToFailedIfNeededAndThrow(Level.ERROR, String.format("Scaling unsuccessful for Kubernetes cluster : %s as it does not have desired number of nodes in ready state", kubernetesCluster.getName()));
         }
     }
 
     private void scaleKubernetesClusterSize(KubernetesClusterNodeType nodeType) throws CloudRuntimeException {
-        validateKubernetesClusterScaleSizeParameters();
+        validateKubernetesClusterScaleSizeParameters(nodeType);
         final long originalClusterSize = kubernetesCluster.getNodeCount();
         final long newVmRequiredCount = clusterSize - originalClusterSize;
         if (KubernetesCluster.State.Created.equals(originalState)) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
index aa9317e619b0..4ed5ff0167c2 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java
@@ -270,7 +270,7 @@ private Pair<UserVm,String> createKubernetesControlNode(final Network network, S
             keypairs.add(kubernetesCluster.getKeyPair());
         }
 
-        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        List<Long> affinityGroupIds = getMergedAffinityGroupIds(CONTROL, domainId, accountId);
         String userDataDetails = kubernetesCluster.getCniConfigDetails();
         if (kubernetesCluster.getSecurityGroupId() != null &&
                 networkModel.checkSecurityGroupSupportForNetwork(owner, zone, networkIds,
@@ -279,15 +279,13 @@ private Pair<UserVm,String> createKubernetesControlNode(final Network network, S
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             controlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
             hostName, hostName, null, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, userDataId, userDataDetails, keypairs,
-                    requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
+                    requestedIps, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE, null, null);
         } else {
             controlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, userDataId, userDataDetails, keypairs,
-                    requestedIps, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
+                    requestedIps, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
         }
         if (logger.isInfoEnabled()) {
             logger.info("Created control VM: {}, {} in the Kubernetes cluster: {}", controlVm, hostName, kubernetesCluster);
@@ -439,7 +437,7 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
             keypairs.add(kubernetesCluster.getKeyPair());
         }
 
-        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        List<Long> affinityGroupIds = getMergedAffinityGroupIds(CONTROL, domainId, accountId);
         if (kubernetesCluster.getSecurityGroupId() != null &&
                 networkModel.checkSecurityGroupSupportForNetwork(owner, zone, networkIds,
                         List.of(kubernetesCluster.getSecurityGroupId()))) {
@@ -447,15 +445,13 @@ private UserVm createKubernetesAdditionalControlNode(final String joinIp, final
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             additionalControlVm = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
+                    null, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null,
                     null, true, null, UserVmManager.CKS_NODE, null, null);
         } else {
             additionalControlVm = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, controlNodeTemplate, networkIds, owner,
                     hostName, hostName, null, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    null, addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
+                    null, addrs, null, null, affinityGroupIds, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
         }
 
         if (logger.isInfoEnabled()) {
@@ -483,7 +479,7 @@ private UserVm createEtcdNode(List<Network.IpAddresses> requestedIps, List<Strin
         if (StringUtils.isNotBlank(kubernetesCluster.getKeyPair())) {
             keypairs.add(kubernetesCluster.getKeyPair());
         }
-        Long affinityGroupId = getExplicitAffinityGroup(domainId, accountId);
+        List<Long> affinityGroupIds = getMergedAffinityGroupIds(ETCD, domainId, accountId);
         String hostName = etcdNodeHostnames.get(etcdNodeIndex);
         Map<String, String> customParameterMap = new HashMap<String, String>();
         if (zone.isSecurityGroupEnabled()) {
@@ -491,15 +487,13 @@ private UserVm createEtcdNode(List<Network.IpAddresses> requestedIps, List<Strin
             securityGroupIds.add(kubernetesCluster.getSecurityGroupId());
             etcdNode = userVmService.createAdvancedSecurityGroupVirtualMachine(zone, serviceOffering, etcdTemplate, networkIds, securityGroupIds, owner,
                     hostName, hostName, null, null, null, null, Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST,base64UserData, null, null, keypairs,
-                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null,
+                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, affinityGroupIds, customParameterMap, null, null, null,
                     null, true, null, null, null, null);
         } else {
             etcdNode = userVmService.createAdvancedVirtualMachine(zone, serviceOffering, etcdTemplate, networkIds, owner,
                     hostName, hostName, null, null, null, null,
                     Hypervisor.HypervisorType.None, BaseCmd.HTTPMethod.POST, base64UserData, null, null, keypairs,
-                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, Objects.nonNull(affinityGroupId) ?
-                            Collections.singletonList(affinityGroupId) : null, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
+                    Map.of(kubernetesCluster.getNetworkId(), requestedIps.get(etcdNodeIndex)), addrs, null, null, affinityGroupIds, customParameterMap, null, null, null, null, true, UserVmManager.CKS_NODE, null, null, null);
         }
 
         if (logger.isInfoEnabled()) {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDao.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDao.java
new file mode 100644
index 000000000000..8c152153a2cd
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDao.java
@@ -0,0 +1,31 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster.dao;
+
+import java.util.List;
+
+import com.cloud.kubernetes.cluster.KubernetesClusterAffinityGroupMapVO;
+import com.cloud.utils.db.GenericDao;
+
+public interface KubernetesClusterAffinityGroupMapDao extends GenericDao<KubernetesClusterAffinityGroupMapVO, Long> {
+
+    List<KubernetesClusterAffinityGroupMapVO> listByClusterIdAndNodeType(long clusterId, String nodeType);
+
+    List<Long> listAffinityGroupIdsByClusterIdAndNodeType(long clusterId, String nodeType);
+
+    int removeByClusterId(long clusterId);
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDaoImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDaoImpl.java
new file mode 100644
index 000000000000..fcd4d6f7c97f
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/dao/KubernetesClusterAffinityGroupMapDaoImpl.java
@@ -0,0 +1,72 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster.dao;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.stereotype.Component;
+
+import com.cloud.kubernetes.cluster.KubernetesClusterAffinityGroupMapVO;
+import com.cloud.utils.db.GenericDaoBase;
+import com.cloud.utils.db.SearchBuilder;
+import com.cloud.utils.db.SearchCriteria;
+
+@Component
+public class KubernetesClusterAffinityGroupMapDaoImpl extends GenericDaoBase<KubernetesClusterAffinityGroupMapVO, Long>
+        implements KubernetesClusterAffinityGroupMapDao {
+
+    private final SearchBuilder<KubernetesClusterAffinityGroupMapVO> clusterIdAndNodeTypeSearch;
+    private final SearchBuilder<KubernetesClusterAffinityGroupMapVO> clusterIdSearch;
+
+    public KubernetesClusterAffinityGroupMapDaoImpl() {
+        clusterIdAndNodeTypeSearch = createSearchBuilder();
+        clusterIdAndNodeTypeSearch.and("clusterId", clusterIdAndNodeTypeSearch.entity().getClusterId(), SearchCriteria.Op.EQ);
+        clusterIdAndNodeTypeSearch.and("nodeType", clusterIdAndNodeTypeSearch.entity().getNodeType(), SearchCriteria.Op.EQ);
+        clusterIdAndNodeTypeSearch.done();
+
+        clusterIdSearch = createSearchBuilder();
+        clusterIdSearch.and("clusterId", clusterIdSearch.entity().getClusterId(), SearchCriteria.Op.EQ);
+        clusterIdSearch.done();
+    }
+
+    @Override
+    public List<KubernetesClusterAffinityGroupMapVO> listByClusterIdAndNodeType(long clusterId, String nodeType) {
+        SearchCriteria<KubernetesClusterAffinityGroupMapVO> sc = clusterIdAndNodeTypeSearch.create();
+        sc.setParameters("clusterId", clusterId);
+        sc.setParameters("nodeType", nodeType);
+        return listBy(sc);
+    }
+
+    @Override
+    public List<Long> listAffinityGroupIdsByClusterIdAndNodeType(long clusterId, String nodeType) {
+        List<KubernetesClusterAffinityGroupMapVO> maps = listByClusterIdAndNodeType(clusterId, nodeType);
+        if (CollectionUtils.isEmpty(maps)) {
+            return new ArrayList<>();
+        }
+        return maps.stream().map(KubernetesClusterAffinityGroupMapVO::getAffinityGroupId).collect(Collectors.toList());
+    }
+
+    @Override
+    public int removeByClusterId(long clusterId) {
+        SearchCriteria<KubernetesClusterAffinityGroupMapVO> sc = clusterIdSearch.create();
+        sc.setParameters("clusterId", clusterId);
+        return remove(sc);
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
index d30922269da9..8d64fee26206 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/CreateKubernetesClusterCmd.java
@@ -17,6 +17,7 @@
 package org.apache.cloudstack.api.command.user.kubernetes.cluster;
 
 import java.security.InvalidParameterException;
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
@@ -79,7 +80,7 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
     @Inject
     public KubernetesClusterService kubernetesClusterService;
     @Inject
-    protected KubernetesServiceHelper kubernetesClusterHelper;
+    protected KubernetesServiceHelper kubernetesServiceHelper;
     @Inject
     private ConfigurationDao configurationDao;
     @Inject
@@ -125,6 +126,12 @@ public class CreateKubernetesClusterCmd extends BaseAsyncCreateCmd {
             since = "4.21.0")
     private Map<String, Map<String, String>> templateNodeTypeMap;
 
+    @ACL(accessType = AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_AFFINITY_GROUP_MAP, type = CommandType.MAP,
+            description = "(Optional) Node Type to Affinity Group ID mapping. If provided, VMs of each node type will be added to the specified affinity group",
+            since = "4.23.0")
+    private Map<String, Map<String, String>> affinityGroupNodeTypeMap;
+
     @ACL(accessType = AccessType.UseEntry)
     @Parameter(name = ApiConstants.ETCD_NODES, type = CommandType.LONG,
             description = "(Optional) Number of Kubernetes cluster etcd nodes, default is 0." +
@@ -314,11 +321,15 @@ public String getClusterType() {
     }
 
     public Map<String, Long> getServiceOfferingNodeTypeMap() {
-        return kubernetesClusterHelper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+        return kubernetesServiceHelper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
     }
 
     public Map<String, Long> getTemplateNodeTypeMap() {
-        return kubernetesClusterHelper.getTemplateNodeTypeMap(templateNodeTypeMap);
+        return kubernetesServiceHelper.getTemplateNodeTypeMap(templateNodeTypeMap);
+    }
+
+    public Map<String, List<Long>> getAffinityGroupNodeTypeMap() {
+        return kubernetesServiceHelper.getAffinityGroupNodeTypeMap(affinityGroupNodeTypeMap);
     }
 
     public Hypervisor.HypervisorType getHypervisorType() {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
index c7ee0b7da92a..1cff2649428d 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/ScaleKubernetesClusterCmd.java
@@ -57,7 +57,7 @@ public class ScaleKubernetesClusterCmd extends BaseAsyncCmd {
     @Inject
     public KubernetesClusterService kubernetesClusterService;
     @Inject
-    protected KubernetesServiceHelper kubernetesClusterHelper;
+    protected KubernetesServiceHelper kubernetesServiceHelper;
 
     /////////////////////////////////////////////////////
     //////////////// API parameters /////////////////////
@@ -114,7 +114,7 @@ public Long getServiceOfferingId() {
     }
 
     public Map<String, Long> getServiceOfferingNodeTypeMap() {
-        return kubernetesClusterHelper.getServiceOfferingNodeTypeMap(this.serviceOfferingNodeTypeMap);
+        return kubernetesServiceHelper.getServiceOfferingNodeTypeMap(this.serviceOfferingNodeTypeMap);
     }
 
     public Long getClusterSize() {
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/UpdateKubernetesClusterAffinityGroupCmd.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/UpdateKubernetesClusterAffinityGroupCmd.java
new file mode 100644
index 000000000000..16a19e410acd
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/UpdateKubernetesClusterAffinityGroupCmd.java
@@ -0,0 +1,113 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.kubernetes.cluster;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ResponseObject;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.KubernetesClusterResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "updateKubernetesClusterAffinityGroups",
+        description = "Updates the affinity group mappings for a stopped Kubernetes cluster",
+        responseObject = KubernetesClusterResponse.class,
+        responseView = ResponseObject.ResponseView.Restricted,
+        entityType = {KubernetesCluster.class},
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = true,
+        since = "4.23.0",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class UpdateKubernetesClusterAffinityGroupCmd extends BaseCmd {
+
+    @Inject
+    public KubernetesClusterService kubernetesClusterService;
+    @Inject
+    protected KubernetesServiceHelper kubernetesServiceHelper;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
+        entityType = KubernetesClusterResponse.class,
+        description = "The ID of the Kubernetes cluster")
+    private Long id;
+
+    @ACL(accessType = SecurityChecker.AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_AFFINITY_GROUP_MAP, type = CommandType.MAP,
+            description = "Node Type to Affinity Group ID mapping. VMs of each node type will be added to the specified affinity group",
+            since = "4.23.0")
+    private Map<String, Map<String, String>> affinityGroupNodeTypeMap;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    public Map<String, List<Long>> getAffinityGroupNodeTypeMap() {
+        return kubernetesServiceHelper.getAffinityGroupNodeTypeMap(affinityGroupNodeTypeMap);
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    @Override
+    public ApiCommandResourceType getApiResourceType() {
+        return ApiCommandResourceType.KubernetesCluster;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ServerApiException {
+        try {
+            if (!kubernetesClusterService.updateKubernetesClusterAffinityGroups(this)) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
+                        String.format("Failed to update affinity groups for Kubernetes cluster ID: %d", getId()));
+            }
+            final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getId());
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (CloudRuntimeException exception) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, exception.getMessage());
+        }
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
index 0a7e7a97939d..932d722de354 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/response/KubernetesClusterResponse.java
@@ -220,6 +220,30 @@ public class KubernetesClusterResponse extends BaseResponseWithAnnotations imple
     @Param(description = "The date when this Kubernetes cluster was created")
     private Date created;
 
+    @SerializedName(ApiConstants.CONTROL_AFFINITY_GROUP_IDS)
+    @Param(description = "The IDs of affinity groups associated with control nodes", since = "4.23.0")
+    private String controlAffinityGroupIds;
+
+    @SerializedName(ApiConstants.CONTROL_AFFINITY_GROUP_NAMES)
+    @Param(description = "The names of affinity groups associated with control nodes", since = "4.23.0")
+    private String controlAffinityGroupNames;
+
+    @SerializedName(ApiConstants.WORKER_AFFINITY_GROUP_IDS)
+    @Param(description = "The IDs of affinity groups associated with worker nodes", since = "4.23.0")
+    private String workerAffinityGroupIds;
+
+    @SerializedName(ApiConstants.WORKER_AFFINITY_GROUP_NAMES)
+    @Param(description = "The names of affinity groups associated with worker nodes", since = "4.23.0")
+    private String workerAffinityGroupNames;
+
+    @SerializedName(ApiConstants.ETCD_AFFINITY_GROUP_IDS)
+    @Param(description = "The IDs of affinity groups associated with etcd nodes", since = "4.23.0")
+    private String etcdAffinityGroupIds;
+
+    @SerializedName(ApiConstants.ETCD_AFFINITY_GROUP_NAMES)
+    @Param(description = "The names of affinity groups associated with etcd nodes", since = "4.23.0")
+    private String etcdAffinityGroupNames;
+
     public KubernetesClusterResponse() {
     }
 
@@ -535,4 +559,28 @@ public void setCniConfigName(String cniConfigName) {
     public void setCsiEnabled(Boolean csiEnabled) {
         isCsiEnabled = csiEnabled;
     }
+
+    public void setControlAffinityGroupIds(String controlAffinityGroupIds) {
+        this.controlAffinityGroupIds = controlAffinityGroupIds;
+    }
+
+    public void setControlAffinityGroupNames(String controlAffinityGroupNames) {
+        this.controlAffinityGroupNames = controlAffinityGroupNames;
+    }
+
+    public void setWorkerAffinityGroupIds(String workerAffinityGroupIds) {
+        this.workerAffinityGroupIds = workerAffinityGroupIds;
+    }
+
+    public void setWorkerAffinityGroupNames(String workerAffinityGroupNames) {
+        this.workerAffinityGroupNames = workerAffinityGroupNames;
+    }
+
+    public void setEtcdAffinityGroupIds(String etcdAffinityGroupIds) {
+        this.etcdAffinityGroupIds = etcdAffinityGroupIds;
+    }
+
+    public void setEtcdAffinityGroupNames(String etcdAffinityGroupNames) {
+        this.etcdAffinityGroupNames = etcdAffinityGroupNames;
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/main/resources/META-INF/cloudstack/kubernetes-service/spring-kubernetes-service-context.xml b/plugins/integrations/kubernetes-service/src/main/resources/META-INF/cloudstack/kubernetes-service/spring-kubernetes-service-context.xml
index 9d236eed26cd..053366786292 100644
--- a/plugins/integrations/kubernetes-service/src/main/resources/META-INF/cloudstack/kubernetes-service/spring-kubernetes-service-context.xml
+++ b/plugins/integrations/kubernetes-service/src/main/resources/META-INF/cloudstack/kubernetes-service/spring-kubernetes-service-context.xml
@@ -32,6 +32,7 @@
     <bean id="kubernetesClusterDaoImpl" class="com.cloud.kubernetes.cluster.dao.KubernetesClusterDaoImpl" />
     <bean id="kubernetesClusterDetailsDaoImpl" class="com.cloud.kubernetes.cluster.dao.KubernetesClusterDetailsDaoImpl" />
     <bean id="kubernetesClusterVmMapDaoImpl" class="com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDaoImpl" />
+    <bean id="kubernetesClusterAffinityGroupMapDaoImpl" class="com.cloud.kubernetes.cluster.dao.KubernetesClusterAffinityGroupMapDaoImpl" />
     <bean id="kubernetesClusterManagerImpl" class="com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl" />
 
     <bean id="kubernetesServiceHelper" class="com.cloud.kubernetes.cluster.KubernetesServiceHelperImpl" >
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVOTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVOTest.java
new file mode 100644
index 000000000000..d0aafc7d1e5e
--- /dev/null
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterAffinityGroupMapVOTest.java
@@ -0,0 +1,87 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.kubernetes.cluster;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class KubernetesClusterAffinityGroupMapVOTest {
+
+    @Test
+    public void testConstructorAndGetters() {
+        KubernetesClusterAffinityGroupMapVO vo =
+            new KubernetesClusterAffinityGroupMapVO(1L, "CONTROL", 100L);
+
+        Assert.assertEquals(1L, vo.getClusterId());
+        Assert.assertEquals("CONTROL", vo.getNodeType());
+        Assert.assertEquals(100L, vo.getAffinityGroupId());
+    }
+
+    @Test
+    public void testDefaultConstructor() {
+        KubernetesClusterAffinityGroupMapVO vo = new KubernetesClusterAffinityGroupMapVO();
+        Assert.assertNotNull(vo);
+    }
+
+    @Test
+    public void testSetClusterId() {
+        KubernetesClusterAffinityGroupMapVO vo = new KubernetesClusterAffinityGroupMapVO();
+        vo.setClusterId(2L);
+        Assert.assertEquals(2L, vo.getClusterId());
+    }
+
+    @Test
+    public void testSetNodeType() {
+        KubernetesClusterAffinityGroupMapVO vo = new KubernetesClusterAffinityGroupMapVO();
+        vo.setNodeType("WORKER");
+        Assert.assertEquals("WORKER", vo.getNodeType());
+    }
+
+    @Test
+    public void testSetAffinityGroupId() {
+        KubernetesClusterAffinityGroupMapVO vo = new KubernetesClusterAffinityGroupMapVO();
+        vo.setAffinityGroupId(200L);
+        Assert.assertEquals(200L, vo.getAffinityGroupId());
+    }
+
+    @Test
+    public void testAllNodeTypes() {
+        KubernetesClusterAffinityGroupMapVO controlVo =
+            new KubernetesClusterAffinityGroupMapVO(1L, "CONTROL", 10L);
+        KubernetesClusterAffinityGroupMapVO workerVo =
+            new KubernetesClusterAffinityGroupMapVO(1L, "WORKER", 20L);
+        KubernetesClusterAffinityGroupMapVO etcdVo =
+            new KubernetesClusterAffinityGroupMapVO(1L, "ETCD", 30L);
+
+        Assert.assertEquals("CONTROL", controlVo.getNodeType());
+        Assert.assertEquals("WORKER", workerVo.getNodeType());
+        Assert.assertEquals("ETCD", etcdVo.getNodeType());
+    }
+
+    @Test
+    public void testSettersChain() {
+        KubernetesClusterAffinityGroupMapVO vo = new KubernetesClusterAffinityGroupMapVO();
+
+        vo.setClusterId(5L);
+        vo.setNodeType("ETCD");
+        vo.setAffinityGroupId(500L);
+
+        Assert.assertEquals(5L, vo.getClusterId());
+        Assert.assertEquals("ETCD", vo.getNodeType());
+        Assert.assertEquals(500L, vo.getAffinityGroupId());
+    }
+}
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java
deleted file mode 100644
index 298f1dfbcd61..000000000000
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterHelperImplTest.java
+++ /dev/null
@@ -1,145 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-package com.cloud.kubernetes.cluster;
-
-import com.cloud.exception.InvalidParameterValueException;
-import com.cloud.service.ServiceOfferingVO;
-import com.cloud.service.dao.ServiceOfferingDao;
-import com.cloud.vm.VmDetailConstants;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.Mockito;
-import org.mockito.junit.MockitoJUnitRunner;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.UUID;
-
-import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.CONTROL;
-import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.ETCD;
-import static com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType.WORKER;
-
-@RunWith(MockitoJUnitRunner.class)
-public class KubernetesClusterHelperImplTest {
-
-    @Mock
-    private ServiceOfferingDao serviceOfferingDao;
-    @Mock
-    private ServiceOfferingVO workerServiceOffering;
-    @Mock
-    private ServiceOfferingVO controlServiceOffering;
-    @Mock
-    private ServiceOfferingVO etcdServiceOffering;
-
-    private static final String workerNodesOfferingId = UUID.randomUUID().toString();
-    private static final String controlNodesOfferingId = UUID.randomUUID().toString();
-    private static final String etcdNodesOfferingId = UUID.randomUUID().toString();
-    private static final Long workerOfferingId = 1L;
-    private static final Long controlOfferingId = 2L;
-    private static final Long etcdOfferingId = 3L;
-
-    private final KubernetesServiceHelperImpl helper = new KubernetesServiceHelperImpl();
-
-    @Before
-    public void setUp() {
-        helper.serviceOfferingDao = serviceOfferingDao;
-        Mockito.when(serviceOfferingDao.findByUuid(workerNodesOfferingId)).thenReturn(workerServiceOffering);
-        Mockito.when(serviceOfferingDao.findByUuid(controlNodesOfferingId)).thenReturn(controlServiceOffering);
-        Mockito.when(serviceOfferingDao.findByUuid(etcdNodesOfferingId)).thenReturn(etcdServiceOffering);
-        Mockito.when(workerServiceOffering.getId()).thenReturn(workerOfferingId);
-        Mockito.when(controlServiceOffering.getId()).thenReturn(controlOfferingId);
-        Mockito.when(etcdServiceOffering.getId()).thenReturn(etcdOfferingId);
-    }
-
-    @Test
-    public void testIsValidNodeTypeEmptyNodeType() {
-        Assert.assertFalse(helper.isValidNodeType(null));
-    }
-
-    @Test
-    public void testIsValidNodeTypeInvalidNodeType() {
-        String nodeType = "invalidNodeType";
-        Assert.assertFalse(helper.isValidNodeType(nodeType));
-    }
-
-    @Test
-    public void testIsValidNodeTypeValidNodeTypeLowercase() {
-        String nodeType = KubernetesServiceHelper.KubernetesClusterNodeType.WORKER.name().toLowerCase();
-        Assert.assertTrue(helper.isValidNodeType(nodeType));
-    }
-
-    private Map<String, String> createMapEntry(KubernetesServiceHelper.KubernetesClusterNodeType nodeType,
-                                               String nodeTypeOfferingUuid) {
-        Map<String, String> map = new HashMap<>();
-        map.put(VmDetailConstants.CKS_NODE_TYPE, nodeType.name().toLowerCase());
-        map.put(VmDetailConstants.OFFERING, nodeTypeOfferingUuid);
-        return map;
-    }
-
-    @Test
-    public void testNodeOfferingMap() {
-        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
-        Map<String, String> firstMap = createMapEntry(WORKER, workerNodesOfferingId);
-        Map<String, String> secondMap = createMapEntry(CONTROL, controlNodesOfferingId);
-        serviceOfferingNodeTypeMap.put("map1", firstMap);
-        serviceOfferingNodeTypeMap.put("map2", secondMap);
-        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
-        Assert.assertNotNull(map);
-        Assert.assertEquals(2, map.size());
-        Assert.assertTrue(map.containsKey(WORKER.name()) && map.containsKey(CONTROL.name()));
-        Assert.assertEquals(workerOfferingId, map.get(WORKER.name()));
-        Assert.assertEquals(controlOfferingId, map.get(CONTROL.name()));
-    }
-
-    @Test
-    public void testNodeOfferingMapNullMap() {
-        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(null);
-        Assert.assertTrue(map.isEmpty());
-    }
-
-    @Test
-    public void testNodeOfferingMapEtcdNodes() {
-        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
-        Map<String, String> firstMap = createMapEntry(ETCD, etcdNodesOfferingId);
-        serviceOfferingNodeTypeMap.put("map1", firstMap);
-        Map<String, Long> map = helper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
-        Assert.assertNotNull(map);
-        Assert.assertEquals(1, map.size());
-        Assert.assertTrue(map.containsKey(ETCD.name()));
-        Assert.assertEquals(etcdOfferingId, map.get(ETCD.name()));
-    }
-
-    @Test(expected = InvalidParameterValueException.class)
-    public void testCheckNodeTypeOfferingEntryCompletenessInvalidParameters() {
-        helper.checkNodeTypeOfferingEntryCompleteness(WORKER.name(), null);
-    }
-
-    @Test(expected = InvalidParameterValueException.class)
-    public void testCheckNodeTypeOfferingEntryValuesInvalidNodeType() {
-        String invalidNodeType = "invalidNodeTypeName";
-        helper.checkNodeTypeOfferingEntryValues(invalidNodeType, workerServiceOffering, workerNodesOfferingId);
-    }
-
-    @Test(expected = InvalidParameterValueException.class)
-    public void testCheckNodeTypeOfferingEntryValuesEmptyOffering() {
-        String nodeType = WORKER.name();
-        helper.checkNodeTypeOfferingEntryValues(nodeType, null, workerNodesOfferingId);
-    }
-}
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
index 2a381f282de2..71949459c865 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImplTest.java
@@ -26,6 +26,7 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.kubernetes.cluster.actionworkers.KubernetesClusterActionWorker;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterAffinityGroupMapDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
 import com.cloud.kubernetes.version.KubernetesSupportedVersion;
@@ -46,9 +47,14 @@
 import com.cloud.utils.net.NetUtils;
 import com.cloud.vm.VMInstanceVO;
 import com.cloud.vm.dao.VMInstanceDao;
+import com.cloud.host.HostVO;
+import com.cloud.host.dao.HostDao;
+import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.AddVirtualMachinesToKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.RemoveVirtualMachinesFromKubernetesClusterCmd;
+import org.apache.cloudstack.api.response.KubernetesClusterResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.commons.collections.MapUtils;
@@ -103,6 +109,15 @@ public class KubernetesClusterManagerImplTest {
     @Mock
     private ServiceOfferingDao serviceOfferingDao;
 
+    @Mock
+    private KubernetesClusterAffinityGroupMapDao kubernetesClusterAffinityGroupMapDao;
+
+    @Mock
+    private AffinityGroupDao affinityGroupDao;
+
+    @Mock
+    private HostDao hostDao;
+
     @Spy
     @InjectMocks
     KubernetesClusterManagerImpl kubernetesClusterManager;
@@ -441,4 +456,462 @@ public void testGetCksClusterPreferredArchSameArch() {
         String cksClusterPreferredArch = kubernetesClusterManager.getCksClusterPreferredArch(systemVMArch, cksIso);
         Assert.assertEquals(CPU.CPUArch.amd64.getType(), cksClusterPreferredArch);
     }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeControl() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        AffinityGroupVO ag1 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO ag2 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(ag1.getUuid()).thenReturn("uuid-1");
+        Mockito.when(ag1.getName()).thenReturn("affinity-group-1");
+        Mockito.when(ag2.getUuid()).thenReturn("uuid-2");
+        Mockito.when(ag2.getName()).thenReturn("affinity-group-2");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, CONTROL.name()))
+            .thenReturn(Arrays.asList(1L, 2L));
+        Mockito.when(affinityGroupDao.findById(1L)).thenReturn(ag1);
+        Mockito.when(affinityGroupDao.findById(2L)).thenReturn(ag2);
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, CONTROL.name());
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, CONTROL.name());
+        Mockito.verify(affinityGroupDao).findById(1L);
+        Mockito.verify(affinityGroupDao).findById(2L);
+    }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeWorker() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        AffinityGroupVO ag = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(ag.getUuid()).thenReturn("worker-uuid");
+        Mockito.when(ag.getName()).thenReturn("worker-affinity");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(ag);
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, WORKER.name());
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, WORKER.name());
+        Mockito.verify(affinityGroupDao).findById(10L);
+    }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeEtcd() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        AffinityGroupVO ag = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(ag.getUuid()).thenReturn("etcd-uuid");
+        Mockito.when(ag.getName()).thenReturn("etcd-affinity");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, ETCD.name()))
+            .thenReturn(Arrays.asList(20L));
+        Mockito.when(affinityGroupDao.findById(20L)).thenReturn(ag);
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, ETCD.name());
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, ETCD.name());
+        Mockito.verify(affinityGroupDao).findById(20L);
+    }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeEmptyList() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, CONTROL.name()))
+            .thenReturn(Collections.emptyList());
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, CONTROL.name());
+
+        Mockito.verify(affinityGroupDao, Mockito.never()).findById(Mockito.anyLong());
+    }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeNullList() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, ETCD.name()))
+            .thenReturn(null);
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, ETCD.name());
+
+        Mockito.verify(affinityGroupDao, Mockito.never()).findById(Mockito.anyLong());
+    }
+
+    @Test
+    public void testSetAffinityGroupResponseForNodeTypeNullAffinityGroup() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        AffinityGroupVO ag1 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(ag1.getUuid()).thenReturn("uuid-1");
+        Mockito.when(ag1.getName()).thenReturn("affinity-group-1");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, CONTROL.name()))
+            .thenReturn(Arrays.asList(1L, 2L));
+        Mockito.when(affinityGroupDao.findById(1L)).thenReturn(ag1);
+        Mockito.when(affinityGroupDao.findById(2L)).thenReturn(null);
+
+        kubernetesClusterManager.setAffinityGroupResponseForNodeType(response, clusterId, CONTROL.name());
+
+        Mockito.verify(affinityGroupDao).findById(1L);
+        Mockito.verify(affinityGroupDao).findById(2L);
+    }
+
+    @Test
+    public void testSetNodeTypeAffinityGroupResponse() {
+        KubernetesClusterResponse response = new KubernetesClusterResponse();
+        long clusterId = 1L;
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(Mockito.eq(clusterId), Mockito.anyString()))
+            .thenReturn(Collections.emptyList());
+
+        kubernetesClusterManager.setNodeTypeAffinityGroupResponse(response, clusterId);
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, CONTROL.name());
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, WORKER.name());
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(clusterId, ETCD.name());
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsNoAffinityGroups() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        List<Long> nodeIds = Arrays.asList(100L, 101L);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Collections.emptyList());
+
+        kubernetesClusterManager.validateNodeAffinityGroups(nodeIds, cluster);
+
+        Mockito.verify(kubernetesClusterVmMapDao, Mockito.never()).listByClusterIdAndVmType(Mockito.anyLong(), Mockito.any());
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsNullAffinityGroups() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        List<Long> nodeIds = Arrays.asList(100L, 101L);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(null);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(nodeIds, cluster);
+
+        Mockito.verify(kubernetesClusterVmMapDao, Mockito.never()).listByClusterIdAndVmType(Mockito.anyLong(), Mockito.any());
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateNodeAffinityGroupsAntiAffinityNewNodeOnExistingHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+        Long existingWorkerVmId = 200L;
+        Long sharedHostId = 1000L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(sharedHostId);
+        Mockito.when(newNode.getInstanceName()).thenReturn("new-node-vm");
+
+        VMInstanceVO existingWorkerVm = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(existingWorkerVm.getHostId()).thenReturn(sharedHostId);
+
+        KubernetesClusterVmMapVO workerVmMap = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(workerVmMap.getVmId()).thenReturn(existingWorkerVmId);
+
+        HostVO host = Mockito.mock(HostVO.class);
+        Mockito.when(host.getName()).thenReturn("host-1");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Arrays.asList(workerVmMap));
+        Mockito.when(vmInstanceDao.findById(existingWorkerVmId)).thenReturn(existingWorkerVm);
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+        Mockito.when(hostDao.findById(sharedHostId)).thenReturn(host);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsAntiAffinityNewNodeOnDifferentHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+        Long existingWorkerVmId = 200L;
+        Long existingHostId = 1000L;
+        Long newNodeHostId = 1001L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(newNodeHostId);
+
+        VMInstanceVO existingWorkerVm = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(existingWorkerVm.getHostId()).thenReturn(existingHostId);
+
+        KubernetesClusterVmMapVO workerVmMap = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(workerVmMap.getVmId()).thenReturn(existingWorkerVmId);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Arrays.asList(workerVmMap));
+        Mockito.when(vmInstanceDao.findById(existingWorkerVmId)).thenReturn(existingWorkerVm);
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name());
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsAffinityNewNodeOnSameHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+        Long existingWorkerVmId = 200L;
+        Long sharedHostId = 1000L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getType()).thenReturn("host affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(sharedHostId);
+
+        VMInstanceVO existingWorkerVm = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(existingWorkerVm.getHostId()).thenReturn(sharedHostId);
+
+        KubernetesClusterVmMapVO workerVmMap = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(workerVmMap.getVmId()).thenReturn(existingWorkerVmId);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Arrays.asList(workerVmMap));
+        Mockito.when(vmInstanceDao.findById(existingWorkerVmId)).thenReturn(existingWorkerVm);
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name());
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateNodeAffinityGroupsAffinityNewNodeOnDifferentHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+        Long existingWorkerVmId = 200L;
+        Long existingHostId = 1000L;
+        Long newNodeHostId = 1001L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getType()).thenReturn("host affinity");
+        Mockito.when(affinityGroup.getName()).thenReturn("affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(newNodeHostId);
+        Mockito.when(newNode.getInstanceName()).thenReturn("new-node-vm");
+
+        VMInstanceVO existingWorkerVm = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(existingWorkerVm.getHostId()).thenReturn(existingHostId);
+
+        KubernetesClusterVmMapVO workerVmMap = Mockito.mock(KubernetesClusterVmMapVO.class);
+        Mockito.when(workerVmMap.getVmId()).thenReturn(existingWorkerVmId);
+
+        HostVO newHost = Mockito.mock(HostVO.class);
+        Mockito.when(newHost.getName()).thenReturn("host-2");
+
+        HostVO existingHost = Mockito.mock(HostVO.class);
+        Mockito.when(existingHost.getName()).thenReturn("host-1");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Arrays.asList(workerVmMap));
+        Mockito.when(vmInstanceDao.findById(existingWorkerVmId)).thenReturn(existingWorkerVm);
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+        Mockito.when(hostDao.findById(newNodeHostId)).thenReturn(newHost);
+        Mockito.when(hostDao.findById(existingHostId)).thenReturn(existingHost);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateNodeAffinityGroupsAntiAffinityMultipleNewNodesOnSameHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId1 = 100L;
+        Long newNodeId2 = 101L;
+        Long sharedHostId = 1000L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.lenient().when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        VMInstanceVO newNode1 = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode1.getHostId()).thenReturn(sharedHostId);
+        Mockito.lenient().when(newNode1.getInstanceName()).thenReturn("new-node-vm-1");
+
+        VMInstanceVO newNode2 = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode2.getHostId()).thenReturn(sharedHostId);
+        Mockito.when(newNode2.getInstanceName()).thenReturn("new-node-vm-2");
+
+        HostVO host = Mockito.mock(HostVO.class);
+        Mockito.when(host.getName()).thenReturn("host-1");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Collections.emptyList());
+        Mockito.when(vmInstanceDao.findById(newNodeId1)).thenReturn(newNode1);
+        Mockito.when(vmInstanceDao.findById(newNodeId2)).thenReturn(newNode2);
+        Mockito.when(hostDao.findById(sharedHostId)).thenReturn(host);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId1, newNodeId2), cluster);
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsAntiAffinityMultipleNewNodesOnDifferentHosts() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId1 = 100L;
+        Long newNodeId2 = 101L;
+        Long hostId1 = 1000L;
+        Long hostId2 = 1001L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.lenient().when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        VMInstanceVO newNode1 = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode1.getHostId()).thenReturn(hostId1);
+
+        VMInstanceVO newNode2 = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode2.getHostId()).thenReturn(hostId2);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Collections.emptyList());
+        Mockito.when(vmInstanceDao.findById(newNodeId1)).thenReturn(newNode1);
+        Mockito.when(vmInstanceDao.findById(newNodeId2)).thenReturn(newNode2);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId1, newNodeId2), cluster);
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name());
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsNodeWithNullHost() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.lenient().when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(null);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Collections.emptyList());
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+
+        Mockito.verify(vmInstanceDao, Mockito.atLeastOnce()).findById(newNodeId);
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsNullNode() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.lenient().when(affinityGroup.getType()).thenReturn("host anti-affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("anti-affinity-group");
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Collections.emptyList());
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(null);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+
+        Mockito.verify(vmInstanceDao, Mockito.atLeastOnce()).findById(newNodeId);
+    }
+
+    @Test
+    public void testValidateNodeAffinityGroupsAffinityNoExistingWorkers() {
+        KubernetesCluster cluster = Mockito.mock(KubernetesCluster.class);
+        Mockito.when(cluster.getId()).thenReturn(1L);
+        Mockito.lenient().when(cluster.getName()).thenReturn("test-cluster");
+
+        Long newNodeId = 100L;
+        Long newNodeHostId = 1000L;
+
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.lenient().when(affinityGroup.getType()).thenReturn("host affinity");
+        Mockito.lenient().when(affinityGroup.getName()).thenReturn("affinity-group");
+
+        VMInstanceVO newNode = Mockito.mock(VMInstanceVO.class);
+        Mockito.when(newNode.getHostId()).thenReturn(newNodeHostId);
+
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name()))
+            .thenReturn(Arrays.asList(10L));
+        Mockito.when(affinityGroupDao.findById(10L)).thenReturn(affinityGroup);
+        Mockito.when(kubernetesClusterVmMapDao.listByClusterIdAndVmType(1L, WORKER))
+            .thenReturn(Collections.emptyList());
+        Mockito.when(vmInstanceDao.findById(newNodeId)).thenReturn(newNode);
+
+        kubernetesClusterManager.validateNodeAffinityGroups(Arrays.asList(newNodeId), cluster);
+
+        Mockito.verify(kubernetesClusterAffinityGroupMapDao).listAffinityGroupIdsByClusterIdAndNodeType(1L, WORKER.name());
+    }
+
 }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImplTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImplTest.java
index 3e6688e87577..3994cadc307f 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImplTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImplTest.java
@@ -17,6 +17,15 @@
 package com.cloud.kubernetes.cluster;
 
 
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -24,11 +33,16 @@
 import org.mockito.Mockito;
 import org.mockito.junit.MockitoJUnitRunner;
 
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.service.dao.ServiceOfferingDao;
 import com.cloud.uservm.UserVm;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.vm.UserVmManager;
+import com.cloud.vm.VmDetailConstants;
 
 @RunWith(MockitoJUnitRunner.class)
 public class KubernetesServiceHelperImplTest {
@@ -36,6 +50,10 @@ public class KubernetesServiceHelperImplTest {
     KubernetesClusterVmMapDao kubernetesClusterVmMapDao;
     @Mock
     KubernetesClusterDao kubernetesClusterDao;
+    @Mock
+    AffinityGroupDao affinityGroupDao;
+    @Mock
+    ServiceOfferingDao serviceOfferingDao;
 
     @InjectMocks
     KubernetesServiceHelperImpl kubernetesServiceHelper = new KubernetesServiceHelperImpl();
@@ -84,4 +102,302 @@ public void testCheckVmCanBeDestroyedInExternalManagedCluster() {
         Mockito.when(kubernetesCluster.getClusterType()).thenReturn(KubernetesCluster.ClusterType.ExternalManaged);
         kubernetesServiceHelper.checkVmCanBeDestroyed(vm);
     }
+
+    @Test
+    public void testIsValidNodeTypeEmptyNodeType() {
+        Assert.assertFalse(kubernetesServiceHelper.isValidNodeType(null));
+    }
+
+    @Test
+    public void testIsValidNodeTypeInvalidNodeType() {
+        Assert.assertFalse(kubernetesServiceHelper.isValidNodeType("invalidNodeType"));
+    }
+
+    @Test
+    public void testIsValidNodeTypeValidNodeTypeLowercase() {
+        String nodeType = KubernetesClusterNodeType.WORKER.name().toLowerCase();
+        Assert.assertTrue(kubernetesServiceHelper.isValidNodeType(nodeType));
+    }
+
+    private Map<String, String> createServiceOfferingMapEntry(KubernetesClusterNodeType nodeType, String offeringUuid) {
+        Map<String, String> map = new HashMap<>();
+        map.put(VmDetailConstants.CKS_NODE_TYPE, nodeType.name().toLowerCase());
+        map.put(VmDetailConstants.OFFERING, offeringUuid);
+        return map;
+    }
+
+    @Test
+    public void testGetServiceOfferingNodeTypeMap() {
+        String workerOfferingUuid = UUID.randomUUID().toString();
+        String controlOfferingUuid = UUID.randomUUID().toString();
+
+        ServiceOfferingVO workerOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(workerOffering.getId()).thenReturn(1L);
+        Mockito.when(serviceOfferingDao.findByUuid(workerOfferingUuid)).thenReturn(workerOffering);
+
+        ServiceOfferingVO controlOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(controlOffering.getId()).thenReturn(2L);
+        Mockito.when(serviceOfferingDao.findByUuid(controlOfferingUuid)).thenReturn(controlOffering);
+
+        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
+        serviceOfferingNodeTypeMap.put("map1", createServiceOfferingMapEntry(KubernetesClusterNodeType.WORKER, workerOfferingUuid));
+        serviceOfferingNodeTypeMap.put("map2", createServiceOfferingMapEntry(KubernetesClusterNodeType.CONTROL, controlOfferingUuid));
+
+        Map<String, Long> result = kubernetesServiceHelper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+
+        Assert.assertNotNull(result);
+        Assert.assertEquals(2, result.size());
+        Assert.assertTrue(result.containsKey(KubernetesClusterNodeType.WORKER.name()));
+        Assert.assertTrue(result.containsKey(KubernetesClusterNodeType.CONTROL.name()));
+        Assert.assertEquals(Long.valueOf(1L), result.get(KubernetesClusterNodeType.WORKER.name()));
+        Assert.assertEquals(Long.valueOf(2L), result.get(KubernetesClusterNodeType.CONTROL.name()));
+    }
+
+    @Test
+    public void testGetServiceOfferingNodeTypeMapNullMap() {
+        Map<String, Long> result = kubernetesServiceHelper.getServiceOfferingNodeTypeMap(null);
+        Assert.assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testGetServiceOfferingNodeTypeMapEtcdNodes() {
+        String etcdOfferingUuid = UUID.randomUUID().toString();
+
+        ServiceOfferingVO etcdOffering = Mockito.mock(ServiceOfferingVO.class);
+        Mockito.when(etcdOffering.getId()).thenReturn(3L);
+        Mockito.when(serviceOfferingDao.findByUuid(etcdOfferingUuid)).thenReturn(etcdOffering);
+
+        Map<String, Map<String, String>> serviceOfferingNodeTypeMap = new HashMap<>();
+        serviceOfferingNodeTypeMap.put("map1", createServiceOfferingMapEntry(KubernetesClusterNodeType.ETCD, etcdOfferingUuid));
+
+        Map<String, Long> result = kubernetesServiceHelper.getServiceOfferingNodeTypeMap(serviceOfferingNodeTypeMap);
+
+        Assert.assertNotNull(result);
+        Assert.assertEquals(1, result.size());
+        Assert.assertTrue(result.containsKey(KubernetesClusterNodeType.ETCD.name()));
+        Assert.assertEquals(Long.valueOf(3L), result.get(KubernetesClusterNodeType.ETCD.name()));
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryCompletenessInvalidParameters() {
+        kubernetesServiceHelper.checkNodeTypeOfferingEntryCompleteness(KubernetesClusterNodeType.WORKER.name(), null);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryValuesInvalidNodeType() {
+        ServiceOfferingVO offering = Mockito.mock(ServiceOfferingVO.class);
+        kubernetesServiceHelper.checkNodeTypeOfferingEntryValues("invalidNodeTypeName", offering, "some-uuid");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeOfferingEntryValuesEmptyOffering() {
+        kubernetesServiceHelper.checkNodeTypeOfferingEntryValues(KubernetesClusterNodeType.WORKER.name(), null, "some-uuid");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeAffinityGroupEntryCompletenessBlankNodeType() {
+        kubernetesServiceHelper.checkNodeTypeAffinityGroupEntryCompleteness("", "affinity-group-uuid");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeAffinityGroupEntryCompletenessBlankAffinityGroupUuid() {
+        kubernetesServiceHelper.checkNodeTypeAffinityGroupEntryCompleteness("control", "");
+    }
+
+    @Test
+    public void testCheckNodeTypeAffinityGroupEntryCompletenessValid() {
+        kubernetesServiceHelper.checkNodeTypeAffinityGroupEntryCompleteness("control", "affinity-group-uuid");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCheckNodeTypeAffinityGroupEntryNodeTypeInvalid() {
+        kubernetesServiceHelper.checkNodeTypeAffinityGroupEntryNodeType("invalid-node-type");
+    }
+
+    @Test
+    public void testCheckNodeTypeAffinityGroupEntryNodeTypeValid() {
+        kubernetesServiceHelper.checkNodeTypeAffinityGroupEntryNodeType("control");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateAffinityGroupUuidAndGetIdBlank() {
+        kubernetesServiceHelper.validateAffinityGroupUuidAndGetId("");
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateAffinityGroupUuidAndGetIdNotFound() {
+        Mockito.when(affinityGroupDao.findByUuid("non-existent-uuid")).thenReturn(null);
+        kubernetesServiceHelper.validateAffinityGroupUuidAndGetId("non-existent-uuid");
+    }
+
+    @Test
+    public void testValidateAffinityGroupUuidAndGetIdValid() {
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getId()).thenReturn(100L);
+        Mockito.when(affinityGroupDao.findByUuid("valid-uuid")).thenReturn(affinityGroup);
+        Long result = kubernetesServiceHelper.validateAffinityGroupUuidAndGetId("valid-uuid");
+        Assert.assertEquals(Long.valueOf(100L), result);
+    }
+
+    @Test
+    public void testValidateAndGetAffinityGroupIdsSingleUuid() {
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getId()).thenReturn(1L);
+        Mockito.when(affinityGroupDao.findByUuid("uuid1")).thenReturn(affinityGroup);
+
+        List<Long> result = kubernetesServiceHelper.validateAndGetAffinityGroupIds("uuid1");
+        Assert.assertEquals(1, result.size());
+        Assert.assertEquals(Long.valueOf(1L), result.get(0));
+    }
+
+    @Test
+    public void testValidateAndGetAffinityGroupIdsMultipleUuids() {
+        AffinityGroupVO affinityGroup1 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO affinityGroup2 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO affinityGroup3 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup1.getId()).thenReturn(1L);
+        Mockito.when(affinityGroup2.getId()).thenReturn(2L);
+        Mockito.when(affinityGroup3.getId()).thenReturn(3L);
+        Mockito.when(affinityGroupDao.findByUuid("uuid1")).thenReturn(affinityGroup1);
+        Mockito.when(affinityGroupDao.findByUuid("uuid2")).thenReturn(affinityGroup2);
+        Mockito.when(affinityGroupDao.findByUuid("uuid3")).thenReturn(affinityGroup3);
+
+        List<Long> result = kubernetesServiceHelper.validateAndGetAffinityGroupIds("uuid1,uuid2,uuid3");
+        Assert.assertEquals(3, result.size());
+        Assert.assertEquals(Arrays.asList(1L, 2L, 3L), result);
+    }
+
+    @Test
+    public void testValidateAndGetAffinityGroupIdsWithSpaces() {
+        AffinityGroupVO affinityGroup1 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO affinityGroup2 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup1.getId()).thenReturn(1L);
+        Mockito.when(affinityGroup2.getId()).thenReturn(2L);
+        Mockito.when(affinityGroupDao.findByUuid("uuid1")).thenReturn(affinityGroup1);
+        Mockito.when(affinityGroupDao.findByUuid("uuid2")).thenReturn(affinityGroup2);
+
+        List<Long> result = kubernetesServiceHelper.validateAndGetAffinityGroupIds("  uuid1  ,  uuid2  ");
+        Assert.assertEquals(2, result.size());
+        Assert.assertEquals(Arrays.asList(1L, 2L), result);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testValidateAndGetAffinityGroupIdsOneInvalid() {
+        AffinityGroupVO affinityGroup1 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroupDao.findByUuid("uuid1")).thenReturn(affinityGroup1);
+        Mockito.when(affinityGroupDao.findByUuid("invalid-uuid")).thenReturn(null);
+
+        kubernetesServiceHelper.validateAndGetAffinityGroupIds("uuid1,invalid-uuid");
+    }
+
+    @Test
+    public void testAddNodeTypeAffinityGroupEntry() {
+        Map<String, List<Long>> mapping = new HashMap<>();
+        kubernetesServiceHelper.addNodeTypeAffinityGroupEntry("control", Arrays.asList(1L, 2L), mapping);
+        Assert.assertEquals(1, mapping.size());
+        Assert.assertEquals(Arrays.asList(1L, 2L), mapping.get("CONTROL"));
+    }
+
+    @Test
+    public void testProcessNodeTypeAffinityGroupEntryAndAddToMappingIfValidEmptyEntry() {
+        Map<String, List<Long>> mapping = new HashMap<>();
+        kubernetesServiceHelper.processNodeTypeAffinityGroupEntryAndAddToMappingIfValid(new HashMap<>(), mapping);
+        Assert.assertTrue(mapping.isEmpty());
+    }
+
+    @Test
+    public void testProcessNodeTypeAffinityGroupEntryAndAddToMappingIfValidValidEntry() {
+        AffinityGroupVO affinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup.getId()).thenReturn(100L);
+        Mockito.when(affinityGroupDao.findByUuid("affinity-group-uuid")).thenReturn(affinityGroup);
+
+        Map<String, String> entry = new HashMap<>();
+        entry.put(VmDetailConstants.CKS_NODE_TYPE, "control");
+        entry.put(VmDetailConstants.AFFINITY_GROUP, "affinity-group-uuid");
+
+        Map<String, List<Long>> mapping = new HashMap<>();
+        kubernetesServiceHelper.processNodeTypeAffinityGroupEntryAndAddToMappingIfValid(entry, mapping);
+        Assert.assertEquals(1, mapping.size());
+        Assert.assertEquals(Arrays.asList(100L), mapping.get("CONTROL"));
+    }
+
+    @Test
+    public void testProcessNodeTypeAffinityGroupEntryAndAddToMappingIfValidMultipleUuids() {
+        AffinityGroupVO affinityGroup1 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO affinityGroup2 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(affinityGroup1.getId()).thenReturn(1L);
+        Mockito.when(affinityGroup2.getId()).thenReturn(2L);
+        Mockito.when(affinityGroupDao.findByUuid("uuid1")).thenReturn(affinityGroup1);
+        Mockito.when(affinityGroupDao.findByUuid("uuid2")).thenReturn(affinityGroup2);
+
+        Map<String, String> entry = new HashMap<>();
+        entry.put(VmDetailConstants.CKS_NODE_TYPE, "worker");
+        entry.put(VmDetailConstants.AFFINITY_GROUP, "uuid1,uuid2");
+
+        Map<String, List<Long>> mapping = new HashMap<>();
+        kubernetesServiceHelper.processNodeTypeAffinityGroupEntryAndAddToMappingIfValid(entry, mapping);
+        Assert.assertEquals(1, mapping.size());
+        Assert.assertEquals(Arrays.asList(1L, 2L), mapping.get("WORKER"));
+    }
+
+    @Test
+    public void testGetAffinityGroupNodeTypeMapEmptyMap() {
+        Map<String, List<Long>> result = kubernetesServiceHelper.getAffinityGroupNodeTypeMap(null);
+        Assert.assertTrue(result.isEmpty());
+
+        result = kubernetesServiceHelper.getAffinityGroupNodeTypeMap(new HashMap<>());
+        Assert.assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testGetAffinityGroupNodeTypeMapValidEntries() {
+        AffinityGroupVO controlAffinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(controlAffinityGroup.getId()).thenReturn(100L);
+        Mockito.when(affinityGroupDao.findByUuid("control-affinity-uuid")).thenReturn(controlAffinityGroup);
+
+        AffinityGroupVO workerAffinityGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(workerAffinityGroup.getId()).thenReturn(200L);
+        Mockito.when(affinityGroupDao.findByUuid("worker-affinity-uuid")).thenReturn(workerAffinityGroup);
+
+        Map<String, Map<String, String>> affinityGroupNodeTypeMap = new HashMap<>();
+
+        Map<String, String> controlEntry = new HashMap<>();
+        controlEntry.put(VmDetailConstants.CKS_NODE_TYPE, "control");
+        controlEntry.put(VmDetailConstants.AFFINITY_GROUP, "control-affinity-uuid");
+        affinityGroupNodeTypeMap.put("0", controlEntry);
+
+        Map<String, String> workerEntry = new HashMap<>();
+        workerEntry.put(VmDetailConstants.CKS_NODE_TYPE, "worker");
+        workerEntry.put(VmDetailConstants.AFFINITY_GROUP, "worker-affinity-uuid");
+        affinityGroupNodeTypeMap.put("1", workerEntry);
+
+        Map<String, List<Long>> result = kubernetesServiceHelper.getAffinityGroupNodeTypeMap(affinityGroupNodeTypeMap);
+        Assert.assertEquals(2, result.size());
+        Assert.assertEquals(Arrays.asList(100L), result.get("CONTROL"));
+        Assert.assertEquals(Arrays.asList(200L), result.get("WORKER"));
+    }
+
+    @Test
+    public void testGetAffinityGroupNodeTypeMapMultipleIdsPerNodeType() {
+        AffinityGroupVO ag1 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO ag2 = Mockito.mock(AffinityGroupVO.class);
+        AffinityGroupVO ag3 = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(ag1.getId()).thenReturn(1L);
+        Mockito.when(ag2.getId()).thenReturn(2L);
+        Mockito.when(ag3.getId()).thenReturn(3L);
+        Mockito.when(affinityGroupDao.findByUuid("ag1")).thenReturn(ag1);
+        Mockito.when(affinityGroupDao.findByUuid("ag2")).thenReturn(ag2);
+        Mockito.when(affinityGroupDao.findByUuid("ag3")).thenReturn(ag3);
+
+        Map<String, Map<String, String>> affinityGroupNodeTypeMap = new HashMap<>();
+
+        Map<String, String> controlEntry = new HashMap<>();
+        controlEntry.put(VmDetailConstants.CKS_NODE_TYPE, "control");
+        controlEntry.put(VmDetailConstants.AFFINITY_GROUP, "ag1,ag2,ag3");
+        affinityGroupNodeTypeMap.put("0", controlEntry);
+
+        Map<String, List<Long>> result = kubernetesServiceHelper.getAffinityGroupNodeTypeMap(affinityGroupNodeTypeMap);
+        Assert.assertEquals(1, result.size());
+        Assert.assertEquals(Arrays.asList(1L, 2L, 3L), result.get("CONTROL"));
+    }
 }
diff --git a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorkerTest.java b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorkerTest.java
index 1eb55808e09d..a25ec55cc04a 100644
--- a/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorkerTest.java
+++ b/plugins/integrations/kubernetes-service/src/test/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorkerTest.java
@@ -16,8 +16,14 @@
 // under the License.
 package com.cloud.kubernetes.cluster.actionworkers;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.UUID;
 
+import org.apache.cloudstack.affinity.AffinityGroupVO;
+import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
 import org.apache.cloudstack.api.ApiConstants;
 import org.junit.Assert;
 import org.junit.Before;
@@ -30,6 +36,8 @@
 import com.cloud.kubernetes.cluster.KubernetesCluster;
 import com.cloud.kubernetes.cluster.KubernetesClusterDetailsVO;
 import com.cloud.kubernetes.cluster.KubernetesClusterManagerImpl;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper.KubernetesClusterNodeType;
+import com.cloud.kubernetes.cluster.dao.KubernetesClusterAffinityGroupMapDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterDetailsDao;
 import com.cloud.kubernetes.cluster.dao.KubernetesClusterVmMapDao;
@@ -60,6 +68,12 @@ public class KubernetesClusterActionWorkerTest {
     @Mock
     IPAddressDao ipAddressDao;
 
+    @Mock
+    KubernetesClusterAffinityGroupMapDao kubernetesClusterAffinityGroupMapDao;
+
+    @Mock
+    AffinityGroupDao affinityGroupDao;
+
     KubernetesClusterActionWorker actionWorker = null;
 
     final static Long DEFAULT_ID = 1L;
@@ -70,10 +84,12 @@ public void setUp() throws Exception {
         kubernetesClusterManager.kubernetesSupportedVersionDao = kubernetesSupportedVersionDao;
         kubernetesClusterManager.kubernetesClusterDetailsDao = kubernetesClusterDetailsDao;
         kubernetesClusterManager.kubernetesClusterVmMapDao = kubernetesClusterVmMapDao;
+        kubernetesClusterManager.kubernetesClusterAffinityGroupMapDao = kubernetesClusterAffinityGroupMapDao;
         KubernetesCluster kubernetesCluster = Mockito.mock(KubernetesCluster.class);
         Mockito.when(kubernetesCluster.getId()).thenReturn(DEFAULT_ID);
         actionWorker = new KubernetesClusterActionWorker(kubernetesCluster, kubernetesClusterManager);
         actionWorker.ipAddressDao = ipAddressDao;
+        actionWorker.affinityGroupDao = affinityGroupDao;
     }
 
     @Test
@@ -130,4 +146,87 @@ public void testGetVpcTierKubernetesPublicIpValid() {
         IpAddress result = actionWorker.getVpcTierKubernetesPublicIp(mockNetworkForGetVpcTierKubernetesPublicIpTest());
         Assert.assertNotNull(result);
     }
+
+    @Test
+    public void testGetAffinityGroupIdsForNodeTypeReturnsIds() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "CONTROL"))
+            .thenReturn(Arrays.asList(1L, 2L));
+
+        List<Long> result = actionWorker.getAffinityGroupIdsForNodeType(KubernetesClusterNodeType.CONTROL);
+
+        Assert.assertEquals(2, result.size());
+        Assert.assertTrue(result.containsAll(Arrays.asList(1L, 2L)));
+    }
+
+    @Test
+    public void testGetAffinityGroupIdsForNodeTypeReturnsEmptyList() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "WORKER"))
+            .thenReturn(Collections.emptyList());
+
+        List<Long> result = actionWorker.getAffinityGroupIdsForNodeType(KubernetesClusterNodeType.WORKER);
+
+        Assert.assertTrue(result.isEmpty());
+    }
+
+    @Test
+    public void testGetMergedAffinityGroupIdsWithExplicitDedication() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "CONTROL"))
+            .thenReturn(new ArrayList<>(Arrays.asList(1L)));
+
+        AffinityGroupVO explicitGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(explicitGroup.getId()).thenReturn(99L);
+        Mockito.when(affinityGroupDao.findByAccountAndType(Mockito.anyLong(), Mockito.eq("ExplicitDedication")))
+            .thenReturn(explicitGroup);
+
+        List<Long> result = actionWorker.getMergedAffinityGroupIds(KubernetesClusterNodeType.CONTROL, 1L, 1L);
+
+        Assert.assertEquals(2, result.size());
+        Assert.assertTrue(result.contains(1L));
+        Assert.assertTrue(result.contains(99L));
+    }
+
+    @Test
+    public void testGetMergedAffinityGroupIdsNoExplicitDedication() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "WORKER"))
+            .thenReturn(new ArrayList<>(Arrays.asList(1L, 2L)));
+        Mockito.when(affinityGroupDao.findByAccountAndType(Mockito.anyLong(), Mockito.eq("ExplicitDedication")))
+            .thenReturn(null);
+        Mockito.when(affinityGroupDao.findDomainLevelGroupByType(Mockito.anyLong(), Mockito.eq("ExplicitDedication")))
+            .thenReturn(null);
+
+        List<Long> result = actionWorker.getMergedAffinityGroupIds(KubernetesClusterNodeType.WORKER, 1L, 1L);
+
+        Assert.assertEquals(2, result.size());
+    }
+
+    @Test
+    public void testGetMergedAffinityGroupIdsReturnsNullWhenEmpty() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "ETCD"))
+            .thenReturn(new ArrayList<>());
+        Mockito.when(affinityGroupDao.findByAccountAndType(Mockito.anyLong(), Mockito.anyString()))
+            .thenReturn(null);
+        Mockito.when(affinityGroupDao.findDomainLevelGroupByType(Mockito.anyLong(), Mockito.anyString()))
+            .thenReturn(null);
+
+        List<Long> result = actionWorker.getMergedAffinityGroupIds(KubernetesClusterNodeType.ETCD, 1L, 1L);
+
+        Assert.assertNull(result);
+    }
+
+    @Test
+    public void testGetMergedAffinityGroupIdsExplicitDedicationAlreadyInList() {
+        Mockito.when(kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(DEFAULT_ID, "CONTROL"))
+            .thenReturn(new ArrayList<>(Arrays.asList(99L, 2L)));
+
+        AffinityGroupVO explicitGroup = Mockito.mock(AffinityGroupVO.class);
+        Mockito.when(explicitGroup.getId()).thenReturn(99L);
+        Mockito.when(affinityGroupDao.findByAccountAndType(Mockito.anyLong(), Mockito.eq("ExplicitDedication")))
+            .thenReturn(explicitGroup);
+
+        List<Long> result = actionWorker.getMergedAffinityGroupIds(KubernetesClusterNodeType.CONTROL, 1L, 1L);
+
+        Assert.assertEquals(2, result.size());
+        Assert.assertTrue(result.contains(99L));
+        Assert.assertTrue(result.contains(2L));
+    }
 }
diff --git a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/LoadBalanceRuleHandler.java b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/LoadBalanceRuleHandler.java
index 3df58470fc68..fc167b71c23d 100644
--- a/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/LoadBalanceRuleHandler.java
+++ b/plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/LoadBalanceRuleHandler.java
@@ -363,7 +363,7 @@ private LoadBalancer handleCreateLoadBalancerRuleWithLock(final CreateLoadBalanc
             lb.setSourceIpAddressId(ipId);
 
             result = _lbMgr.createPublicLoadBalancer(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourcePortStart(), lb.getDefaultPortStart(), ipId.longValue(),
-                    lb.getProtocol(), lb.getAlgorithm(), false, CallContext.current(), lb.getLbProtocol(), true, null);
+                    lb.getProtocol(), lb.getAlgorithm(), false, CallContext.current(), lb.getLbProtocol(), true, null, networkId);
         } catch (final NetworkRuleConflictException e) {
             logger.warn("Failed to create LB rule, not continuing with ELB deployment");
             if (newIp) {
diff --git a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailManagerImpl.java b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailManagerImpl.java
index f360fab01124..8badb916eeda 100644
--- a/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailManagerImpl.java
+++ b/plugins/network-elements/juniper-contrail/src/main/java/org/apache/cloudstack/network/contrail/management/ContrailManagerImpl.java
@@ -293,7 +293,7 @@ private VpcOffering locateVpcOffering() {
             }
             serviceProviderMap.put(svc, providerSet);
         }
-        vpcOffer = _vpcProvSvc.createVpcOffering(juniperVPCOfferingName, juniperVPCOfferingDisplayText, services, serviceProviderMap, null, null, null, null, null, null, null, VpcOffering.State.Enabled, null, false);
+        vpcOffer = _vpcProvSvc.createVpcOffering(juniperVPCOfferingName, juniperVPCOfferingDisplayText, services, serviceProviderMap, null, null, null, null, null, null, null, VpcOffering.State.Enabled, null, false, false);
         long id = vpcOffer.getId();
         _vpcOffDao.update(id, (VpcOfferingVO)vpcOffer);
         return _vpcOffDao.findById(id);
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 51cf82b13b06..cf98df0da243 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -1675,7 +1675,7 @@ public FirewallRuleResponse createPortForwardingRuleResponse(PortForwardingRule
 
         Network guestNtwk = ApiDBUtils.findNetworkById(fwRule.getNetworkId());
         response.setNetworkId(guestNtwk.getUuid());
-
+        response.setNetworkName(guestNtwk.getName());
 
         IpAddress ip = ApiDBUtils.findIpAddressById(fwRule.getSourceIpAddressId());
 
@@ -3535,6 +3535,7 @@ public VpcResponse createVpcResponse(ResponseView view, Vpc vpc) {
         if (voff != null) {
             response.setVpcOfferingId(voff.getUuid());
             response.setVpcOfferingName(voff.getName());
+            response.setVpcOfferingConserveMode(voff.isConserveMode());
         }
         response.setCidr(vpc.getCidr());
         response.setRestartRequired(vpc.isRestartRequired());
diff --git a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
index 7ea4b7d5834f..e7fe07a18c78 100644
--- a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
@@ -77,6 +77,7 @@ public VpcOfferingResponse newVpcOfferingResponse(VpcOffering offering) {
         if (offering.isSpecifyAsNumber() != null) {
             offeringResponse.setSpecifyAsNumber(offering.isSpecifyAsNumber());
         }
+        offeringResponse.setConserveMode(offering.isConserveMode());
         if (offering instanceof VpcOfferingJoinVO) {
             VpcOfferingJoinVO offeringJoinVO = (VpcOfferingJoinVO) offering;
             offeringResponse.setDomainId(offeringJoinVO.getDomainUuid());
diff --git a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
index 4e0707edf880..9d65c19479fb 100644
--- a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
@@ -112,6 +112,9 @@ public class VpcOfferingJoinVO implements VpcOffering {
     @Column(name = "specify_as_number")
     private Boolean specifyAsNumber = false;
 
+    @Column(name = "conserve_mode")
+    private boolean conserveMode;
+
     public VpcOfferingJoinVO() {
     }
 
@@ -178,6 +181,11 @@ public Boolean isSpecifyAsNumber() {
         return specifyAsNumber;
     }
 
+    @Override
+    public boolean isConserveMode() {
+        return conserveMode;
+    }
+
     public void setSpecifyAsNumber(Boolean specifyAsNumber) {
         this.specifyAsNumber = specifyAsNumber;
     }
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 0ce4b913a029..6cc816a81dec 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -22,6 +22,7 @@
 import static org.apache.cloudstack.framework.config.ConfigKey.CATEGORY_SYSTEM;
 
 import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLDecoder;
@@ -67,15 +68,18 @@
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.admin.config.ResetCfgCmd;
 import org.apache.cloudstack.api.command.admin.config.UpdateCfgCmd;
+import org.apache.cloudstack.api.command.admin.network.CloneNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateManagementNetworkIpRangeCmd;
-import org.apache.cloudstack.api.command.admin.network.CreateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteManagementNetworkIpRangeCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.ListGuestNetworkIpv6PrefixesCmd;
+import org.apache.cloudstack.api.command.admin.network.NetworkOfferingBaseCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdatePodManagementNetworkIpRangeCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneDiskOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
@@ -3854,6 +3858,459 @@ protected boolean serviceOfferingExternalDetailsNeedUpdate(final Map<String, Str
         return false;
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_SERVICE_OFFERING_CLONE, eventDescription = "cloning service offering")
+    public ServiceOffering cloneServiceOffering(final CloneServiceOfferingCmd cmd) {
+        final long userId = CallContext.current().getCallingUserId();
+        final ServiceOfferingVO sourceOffering = getAndValidateSourceOffering(cmd.getSourceOfferingId());
+        final DiskOfferingVO sourceDiskOffering = getSourceDiskOffering(sourceOffering);
+        final Map<String, String> requestParams = cmd.getFullUrlParams();
+
+        final String name = cmd.getServiceOfferingName();
+        final String displayText = getOrDefault(cmd.getDisplayText(), sourceOffering.getDisplayText());
+        final Integer cpuNumber = getOrDefault(cmd.getCpuNumber(), sourceOffering.getCpu());
+        final Integer cpuSpeed = getOrDefault(cmd.getCpuSpeed(), sourceOffering.getSpeed());
+        final Integer memory = getOrDefault(cmd.getMemory(), sourceOffering.getRamSize());
+        final String provisioningType = resolveProvisioningType(cmd, sourceDiskOffering);
+
+        final Boolean offerHa = resolveBooleanParam(requestParams, ApiConstants.OFFER_HA, cmd::isOfferHa, sourceOffering.isOfferHA());
+        final Boolean limitCpuUse = resolveBooleanParam(requestParams, ApiConstants.LIMIT_CPU_USE, cmd::isLimitCpuUse, sourceOffering.getLimitCpuUse());
+        final Boolean isVolatile = resolveBooleanParam(requestParams, ApiConstants.IS_VOLATILE, cmd::isVolatileVm, sourceOffering.isVolatileVm());
+        final Boolean isCustomized = resolveBooleanParam(requestParams, ApiConstants.CUSTOMIZED, cmd::isCustomized, sourceOffering.isCustomized());
+        final Boolean dynamicScalingEnabled = resolveBooleanParam(requestParams, ApiConstants.DYNAMIC_SCALING_ENABLED, cmd::getDynamicScalingEnabled, sourceOffering.isDynamicScalingEnabled());
+        final Boolean diskOfferingStrictness = resolveBooleanParam(requestParams, ApiConstants.DISK_OFFERING_STRICTNESS, cmd::getDiskOfferingStrictness, sourceOffering.getDiskOfferingStrictness());
+        final Boolean encryptRoot = resolveBooleanParam(requestParams, ApiConstants.ENCRYPT_ROOT, cmd::getEncryptRoot, sourceDiskOffering != null && sourceDiskOffering.getEncrypt());
+        final Boolean gpuDisplay = resolveBooleanParam(requestParams, ApiConstants.GPU_DISPLAY, cmd::getGpuDisplay, sourceOffering.getGpuDisplay());
+
+        final String storageType = resolveStorageType(cmd, sourceDiskOffering);
+        final String tags = getOrDefault(cmd.getTags(), sourceDiskOffering != null ? sourceDiskOffering.getTags() : null);
+        final List<Long> domainIds = resolveDomainIds(cmd, sourceOffering);
+        final List<Long> zoneIds = resolveZoneIds(cmd, sourceOffering);
+        final String hostTag = getOrDefault(cmd.getHostTag(), sourceOffering.getHostTag());
+        final Integer networkRate = getOrDefault(cmd.getNetworkRate(), sourceOffering.getRateMbps());
+        final String deploymentPlanner = getOrDefault(cmd.getDeploymentPlanner(), sourceOffering.getDeploymentPlanner());
+
+        final ClonedDiskOfferingParams diskParams = resolveDiskOfferingParams(cmd, sourceDiskOffering);
+
+        final CustomOfferingParams customParams = resolveCustomOfferingParams(cmd, sourceOffering, isCustomized);
+
+        final Long vgpuProfileId = getOrDefault(cmd.getVgpuProfileId(), sourceOffering.getVgpuProfileId());
+        final Integer gpuCount = getOrDefault(cmd.getGpuCount(), sourceOffering.getGpuCount());
+
+        final Boolean purgeResources = resolvePurgeResources(cmd, requestParams, sourceOffering);
+        final LeaseParams leaseParams = resolveLeaseParams(cmd, sourceOffering);
+
+        if (cmd.getCacheMode() != null) {
+            validateCacheMode(cmd.getCacheMode());
+        }
+        final Integer finalGpuCount = validateVgpuProfileAndGetGpuCount(vgpuProfileId, gpuCount);
+
+        final Map<String, String> mergedDetails = mergeOfferingDetails(cmd, sourceOffering, customParams);
+
+        final boolean localStorageRequired = ServiceOffering.StorageType.local.toString().equalsIgnoreCase(storageType);
+
+        final boolean systemUse = sourceOffering.isSystemUse();
+        final VirtualMachine.Type vmType = resolveVmType(sourceOffering);
+
+        final Long diskOfferingId = getOrDefault(cmd.getDiskOfferingId(), sourceOffering.getDiskOfferingId());
+
+        return createServiceOffering(userId, systemUse, vmType,
+                name, cpuNumber, memory, cpuSpeed, displayText, provisioningType, localStorageRequired,
+                offerHa, limitCpuUse, isVolatile, tags, domainIds, zoneIds, hostTag, networkRate,
+                deploymentPlanner, mergedDetails, diskParams.rootDiskSize, diskParams.isCustomizedIops,
+                diskParams.minIops, diskParams.maxIops,
+                diskParams.bytesReadRate, diskParams.bytesReadRateMax, diskParams.bytesReadRateMaxLength,
+                diskParams.bytesWriteRate, diskParams.bytesWriteRateMax, diskParams.bytesWriteRateMaxLength,
+                diskParams.iopsReadRate, diskParams.iopsReadRateMax, diskParams.iopsReadRateMaxLength,
+                diskParams.iopsWriteRate, diskParams.iopsWriteRateMax, diskParams.iopsWriteRateMaxLength,
+                diskParams.hypervisorSnapshotReserve, diskParams.cacheMode, customParams.storagePolicy, dynamicScalingEnabled,
+                diskOfferingId, diskOfferingStrictness, isCustomized, encryptRoot,
+                vgpuProfileId, finalGpuCount, gpuDisplay, purgeResources, leaseParams.leaseDuration, leaseParams.leaseExpiryAction);
+    }
+
+    private ServiceOfferingVO getAndValidateSourceOffering(Long sourceOfferingId) {
+        final ServiceOfferingVO sourceOffering = _serviceOfferingDao.findById(sourceOfferingId);
+        if (sourceOffering == null) {
+            throw new InvalidParameterValueException("Unable to find service offering with ID: " + sourceOfferingId);
+        }
+        return sourceOffering;
+    }
+
+    private DiskOfferingVO getSourceDiskOffering(ServiceOfferingVO sourceOffering) {
+        final Long sourceDiskOfferingId = sourceOffering.getDiskOfferingId();
+        return sourceDiskOfferingId != null ? _diskOfferingDao.findById(sourceDiskOfferingId) : null;
+    }
+
+    public <T> T getOrDefault(T cmdValue, T defaultValue) {
+        return cmdValue != null ? cmdValue : defaultValue;
+    }
+
+    public Boolean resolveBooleanParam(Map<String, String> requestParams, String paramKey,
+                                       java.util.function.Supplier<Boolean> cmdValueSupplier, Boolean defaultValue) {
+        return requestParams != null && requestParams.containsKey(paramKey) ? cmdValueSupplier.get() : defaultValue;
+    }
+
+    private String resolveProvisioningType(CloneServiceOfferingCmd cmd, DiskOfferingVO sourceDiskOffering) {
+        if (cmd.getProvisioningType() != null) {
+            return cmd.getProvisioningType();
+        }
+        if (sourceDiskOffering != null) {
+            return sourceDiskOffering.getProvisioningType().toString();
+        }
+        return Storage.ProvisioningType.THIN.toString();
+    }
+
+    private String resolveStorageType(CloneServiceOfferingCmd cmd, DiskOfferingVO sourceDiskOffering) {
+        if (cmd.getStorageType() != null) {
+            return cmd.getStorageType();
+        }
+        if (sourceDiskOffering != null && sourceDiskOffering.isUseLocalStorage()) {
+            return ServiceOffering.StorageType.local.toString();
+        }
+        return ServiceOffering.StorageType.shared.toString();
+    }
+
+    private List<Long> resolveDomainIds(CloneServiceOfferingCmd cmd, ServiceOfferingVO sourceOffering) {
+        List<Long> domainIds = cmd.getDomainIds();
+        if (domainIds == null || domainIds.isEmpty()) {
+            domainIds = _serviceOfferingDetailsDao.findDomainIds(sourceOffering.getId());
+        }
+        return domainIds;
+    }
+
+    private List<Long> resolveZoneIds(CloneServiceOfferingCmd cmd, ServiceOfferingVO sourceOffering) {
+        List<Long> zoneIds = cmd.getZoneIds();
+        if (zoneIds == null || zoneIds.isEmpty()) {
+            zoneIds = _serviceOfferingDetailsDao.findZoneIds(sourceOffering.getId());
+        }
+        return zoneIds;
+    }
+
+    private ClonedDiskOfferingParams resolveDiskOfferingParams(CloneServiceOfferingCmd cmd, DiskOfferingVO sourceDiskOffering) {
+        final ClonedDiskOfferingParams params = new ClonedDiskOfferingParams();
+
+        params.rootDiskSize = getOrDefault(cmd.getRootDiskSize(), sourceDiskOffering != null ? sourceDiskOffering.getDiskSize() : null);
+        params.bytesReadRate = getOrDefault(cmd.getBytesReadRate(), sourceDiskOffering != null ? sourceDiskOffering.getBytesReadRate() : null);
+        params.bytesReadRateMax = getOrDefault(cmd.getBytesReadRateMax(), sourceDiskOffering != null ? sourceDiskOffering.getBytesReadRateMax() : null);
+        params.bytesReadRateMaxLength = getOrDefault(cmd.getBytesReadRateMaxLength(), sourceDiskOffering != null ? sourceDiskOffering.getBytesReadRateMaxLength() : null);
+        params.bytesWriteRate = getOrDefault(cmd.getBytesWriteRate(), sourceDiskOffering != null ? sourceDiskOffering.getBytesWriteRate() : null);
+        params.bytesWriteRateMax = getOrDefault(cmd.getBytesWriteRateMax(), sourceDiskOffering != null ? sourceDiskOffering.getBytesWriteRateMax() : null);
+        params.bytesWriteRateMaxLength = getOrDefault(cmd.getBytesWriteRateMaxLength(), sourceDiskOffering != null ? sourceDiskOffering.getBytesWriteRateMaxLength() : null);
+        params.iopsReadRate = getOrDefault(cmd.getIopsReadRate(), sourceDiskOffering != null ? sourceDiskOffering.getIopsReadRate() : null);
+        params.iopsReadRateMax = getOrDefault(cmd.getIopsReadRateMax(), sourceDiskOffering != null ? sourceDiskOffering.getIopsReadRateMax() : null);
+        params.iopsReadRateMaxLength = getOrDefault(cmd.getIopsReadRateMaxLength(), sourceDiskOffering != null ? sourceDiskOffering.getIopsReadRateMaxLength() : null);
+        params.iopsWriteRate = getOrDefault(cmd.getIopsWriteRate(), sourceDiskOffering != null ? sourceDiskOffering.getIopsWriteRate() : null);
+        params.iopsWriteRateMax = getOrDefault(cmd.getIopsWriteRateMax(), sourceDiskOffering != null ? sourceDiskOffering.getIopsWriteRateMax() : null);
+        params.iopsWriteRateMaxLength = getOrDefault(cmd.getIopsWriteRateMaxLength(), sourceDiskOffering != null ? sourceDiskOffering.getIopsWriteRateMaxLength() : null);
+        params.isCustomizedIops = getOrDefault(cmd.isCustomizedIops(), sourceDiskOffering != null ? sourceDiskOffering.isCustomizedIops() : null);
+        params.minIops = getOrDefault(cmd.getMinIops(), sourceDiskOffering != null ? sourceDiskOffering.getMinIops() : null);
+        params.maxIops = getOrDefault(cmd.getMaxIops(), sourceDiskOffering != null ? sourceDiskOffering.getMaxIops() : null);
+        params.hypervisorSnapshotReserve = getOrDefault(cmd.getHypervisorSnapshotReserve(), sourceDiskOffering != null ? sourceDiskOffering.getHypervisorSnapshotReserve() : null);
+
+        if (cmd.getCacheMode() != null) {
+            params.cacheMode = cmd.getCacheMode();
+        } else if (sourceDiskOffering != null && sourceDiskOffering.getCacheMode() != null) {
+            params.cacheMode = sourceDiskOffering.getCacheMode().toString();
+        }
+
+        return params;
+    }
+
+    private CustomOfferingParams resolveCustomOfferingParams(CloneServiceOfferingCmd cmd, ServiceOfferingVO sourceOffering, Boolean isCustomized) {
+        final CustomOfferingParams params = new CustomOfferingParams();
+
+        params.maxCPU = resolveDetailParameter(cmd.getMaxCPUs(), sourceOffering.getId(), ApiConstants.MAX_CPU_NUMBER);
+        params.minCPU = resolveDetailParameter(cmd.getMinCPUs(), sourceOffering.getId(), ApiConstants.MIN_CPU_NUMBER);
+        params.maxMemory = resolveDetailParameter(cmd.getMaxMemory(), sourceOffering.getId(), ApiConstants.MAX_MEMORY);
+        params.minMemory = resolveDetailParameter(cmd.getMinMemory(), sourceOffering.getId(), ApiConstants.MIN_MEMORY);
+        params.storagePolicy = resolveDetailParameterAsLong(cmd.getStoragePolicy(), sourceOffering.getId(), ApiConstants.STORAGE_POLICY);
+
+        return params;
+    }
+
+    private Integer resolveDetailParameter(Integer cmdValue, Long offeringId, String detailKey) {
+        if (cmdValue != null) {
+            return cmdValue;
+        }
+        String detailValue = _serviceOfferingDetailsDao.getDetail(offeringId, detailKey);
+        return detailValue != null ? Integer.parseInt(detailValue) : null;
+    }
+
+    private Long resolveDetailParameterAsLong(Long cmdValue, Long offeringId, String detailKey) {
+        if (cmdValue != null) {
+            return cmdValue;
+        }
+        String detailValue = _serviceOfferingDetailsDao.getDetail(offeringId, detailKey);
+        return detailValue != null ? Long.parseLong(detailValue) : null;
+    }
+
+    private Boolean resolvePurgeResources(CloneServiceOfferingCmd cmd, Map<String, String> requestParams, ServiceOfferingVO sourceOffering) {
+        if (requestParams != null && requestParams.containsKey(ApiConstants.PURGE_RESOURCES)) {
+            return cmd.isPurgeResources();
+        }
+        String purgeResourcesStr = _serviceOfferingDetailsDao.getDetail(sourceOffering.getId(), ServiceOffering.PURGE_DB_ENTITIES_KEY);
+        return Boolean.parseBoolean(purgeResourcesStr);
+    }
+
+    private LeaseParams resolveLeaseParams(CloneServiceOfferingCmd cmd, ServiceOfferingVO sourceOffering) {
+        final LeaseParams params = new LeaseParams();
+
+        params.leaseDuration = resolveDetailParameter(cmd.getLeaseDuration(), sourceOffering.getId(), ApiConstants.INSTANCE_LEASE_DURATION);
+
+        if (cmd.getLeaseExpiryAction() != null) {
+            params.leaseExpiryAction = cmd.getLeaseExpiryAction();
+        } else {
+            String leaseExpiryActionStr = _serviceOfferingDetailsDao.getDetail(sourceOffering.getId(), ApiConstants.INSTANCE_LEASE_EXPIRY_ACTION);
+            if (leaseExpiryActionStr != null) {
+                params.leaseExpiryAction = VMLeaseManager.ExpiryAction.valueOf(leaseExpiryActionStr);
+            }
+        }
+
+        params.leaseExpiryAction = validateAndGetLeaseExpiryAction(params.leaseDuration, params.leaseExpiryAction);
+        return params;
+    }
+
+    private Map<String, String> mergeOfferingDetails(CloneServiceOfferingCmd cmd, ServiceOfferingVO sourceOffering, CustomOfferingParams customParams) {
+        final Map<String, String> cmdDetails = cmd.getDetails();
+        final Map<String, String> mergedDetails = new HashMap<>();
+
+        if (cmdDetails == null || cmdDetails.isEmpty()) {
+            Map<String, String> sourceDetails = _serviceOfferingDetailsDao.listDetailsKeyPairs(sourceOffering.getId());
+            if (sourceDetails != null) {
+                mergedDetails.putAll(sourceDetails);
+            }
+        } else {
+            mergedDetails.putAll(cmdDetails);
+        }
+
+        if (customParams.minCPU != null && customParams.maxCPU != null &&
+            customParams.minMemory != null && customParams.maxMemory != null) {
+            mergedDetails.put(ApiConstants.MIN_MEMORY, customParams.minMemory.toString());
+            mergedDetails.put(ApiConstants.MAX_MEMORY, customParams.maxMemory.toString());
+            mergedDetails.put(ApiConstants.MIN_CPU_NUMBER, customParams.minCPU.toString());
+            mergedDetails.put(ApiConstants.MAX_CPU_NUMBER, customParams.maxCPU.toString());
+        }
+
+        return mergedDetails;
+    }
+
+    private VirtualMachine.Type resolveVmType(ServiceOfferingVO sourceOffering) {
+        if (sourceOffering.getVmType() == null) {
+            return null;
+        }
+        try {
+            return VirtualMachine.Type.valueOf(sourceOffering.getVmType());
+        } catch (IllegalArgumentException e) {
+            logger.warn("Invalid VM type in source offering: {}", sourceOffering.getVmType());
+            return null;
+        }
+    }
+
+    private static class ClonedDiskOfferingParams {
+        Long rootDiskSize;
+        Long bytesReadRate;
+        Long bytesReadRateMax;
+        Long bytesReadRateMaxLength;
+        Long bytesWriteRate;
+        Long bytesWriteRateMax;
+        Long bytesWriteRateMaxLength;
+        Long iopsReadRate;
+        Long iopsReadRateMax;
+        Long iopsReadRateMaxLength;
+        Long iopsWriteRate;
+        Long iopsWriteRateMax;
+        Long iopsWriteRateMaxLength;
+        Boolean isCustomizedIops;
+        Long minIops;
+        Long maxIops;
+        Integer hypervisorSnapshotReserve;
+        String cacheMode;
+    }
+
+    private static class CustomOfferingParams {
+        Integer maxCPU;
+        Integer minCPU;
+        Integer maxMemory;
+        Integer minMemory;
+        Long storagePolicy;
+    }
+
+    private static class LeaseParams {
+        Integer leaseDuration;
+        VMLeaseManager.ExpiryAction leaseExpiryAction;
+    }
+
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_DISK_OFFERING_CLONE, eventDescription = "cloning disk offering")
+    public DiskOffering cloneDiskOffering(final CloneDiskOfferingCmd cmd) {
+        final long userId = CallContext.current().getCallingUserId();
+        final DiskOfferingVO sourceOffering = getAndValidateSourceDiskOffering(cmd.getSourceOfferingId());
+        final Map<String, String> requestParams = cmd.getFullUrlParams();
+
+        final String name = cmd.getOfferingName();
+        final String displayText = getOrDefault(cmd.getDisplayText(), sourceOffering.getDisplayText());
+        final String provisioningType = getOrDefault(cmd.getProvisioningType(), sourceOffering.getProvisioningType().toString());
+        final Long diskSize = getOrDefault(cmd.getDiskSize(), sourceOffering.getDiskSize());
+        final String tags = getOrDefault(cmd.getTags(), sourceOffering.getTags());
+
+        final Boolean isCustomized = resolveBooleanParam(requestParams, ApiConstants.CUSTOMIZED, cmd::isCustomized, sourceOffering.isCustomized());
+        final Boolean displayOffering = resolveBooleanParam(requestParams, ApiConstants.DISPLAY_OFFERING, cmd::getDisplayOffering, sourceOffering.getDisplayOffering());
+        final Boolean isCustomizedIops = getOrDefault(cmd.isCustomizedIops(), sourceOffering.isCustomizedIops());
+        final Boolean diskSizeStrictness = resolveBooleanParam(requestParams, ApiConstants.DISK_SIZE_STRICTNESS, cmd::getDiskSizeStrictness, sourceOffering.getDiskSizeStrictness());
+        final Boolean encrypt = resolveBooleanParam(requestParams, ApiConstants.ENCRYPT, cmd::getEncrypt, sourceOffering.getEncrypt());
+
+        final List<Long> domainIds = resolveDomainIdsForDiskOffering(cmd, sourceOffering);
+        final List<Long> zoneIds = resolveZoneIdsForDiskOffering(cmd, sourceOffering);
+
+        final boolean localStorageRequired = resolveLocalStorageRequired(cmd, sourceOffering);
+
+        final ClonedDiskIopsParams iopsParams = resolveDiskIopsParams(cmd, sourceOffering);
+
+        final ClonedDiskRateParams rateParams = resolveDiskRateParams(cmd, sourceOffering);
+
+        final Integer hypervisorSnapshotReserve = getOrDefault(cmd.getHypervisorSnapshotReserve(), sourceOffering.getHypervisorSnapshotReserve());
+        final String cacheMode = resolveCacheMode(cmd, sourceOffering);
+        final Long storagePolicy = resolveStoragePolicyForDiskOffering(cmd, sourceOffering);
+
+        final Map<String, String> mergedDetails = mergeDiskOfferingDetails(cmd, sourceOffering);
+
+        if (cmd.getCacheMode() != null) {
+            validateCacheMode(cmd.getCacheMode());
+        }
+
+        validateMaxRateEqualsOrGreater(iopsParams.iopsReadRate, iopsParams.iopsReadRateMax, IOPS_READ_RATE);
+        validateMaxRateEqualsOrGreater(iopsParams.iopsWriteRate, iopsParams.iopsWriteRateMax, IOPS_WRITE_RATE);
+        validateMaxRateEqualsOrGreater(rateParams.bytesReadRate, rateParams.bytesReadRateMax, BYTES_READ_RATE);
+        validateMaxRateEqualsOrGreater(rateParams.bytesWriteRate, rateParams.bytesWriteRateMax, BYTES_WRITE_RATE);
+        validateMaximumIopsAndBytesLength(iopsParams.iopsReadRateMaxLength, iopsParams.iopsWriteRateMaxLength,
+                                          rateParams.bytesReadRateMaxLength, rateParams.bytesWriteRateMaxLength);
+
+        return createDiskOffering(userId, domainIds, zoneIds, name, displayText, provisioningType, diskSize, tags,
+                isCustomized, localStorageRequired, displayOffering, isCustomizedIops, iopsParams.minIops, iopsParams.maxIops,
+                rateParams.bytesReadRate, rateParams.bytesReadRateMax, rateParams.bytesReadRateMaxLength,
+                rateParams.bytesWriteRate, rateParams.bytesWriteRateMax, rateParams.bytesWriteRateMaxLength,
+                iopsParams.iopsReadRate, iopsParams.iopsReadRateMax, iopsParams.iopsReadRateMaxLength,
+                iopsParams.iopsWriteRate, iopsParams.iopsWriteRateMax, iopsParams.iopsWriteRateMaxLength,
+                hypervisorSnapshotReserve, cacheMode, mergedDetails, storagePolicy, diskSizeStrictness, encrypt);
+    }
+
+    private DiskOfferingVO getAndValidateSourceDiskOffering(Long sourceOfferingId) {
+        final DiskOfferingVO sourceOffering = _diskOfferingDao.findById(sourceOfferingId);
+        if (sourceOffering == null) {
+            throw new InvalidParameterValueException("Unable to find disk offering with ID: " + sourceOfferingId);
+        }
+        return sourceOffering;
+    }
+
+    private List<Long> resolveDomainIdsForDiskOffering(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        List<Long> domainIds = cmd.getDomainIds();
+        if (domainIds == null || domainIds.isEmpty()) {
+            domainIds = diskOfferingDetailsDao.findDomainIds(sourceOffering.getId());
+        }
+        return domainIds;
+    }
+
+    private List<Long> resolveZoneIdsForDiskOffering(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        List<Long> zoneIds = cmd.getZoneIds();
+        if (zoneIds == null || zoneIds.isEmpty()) {
+            zoneIds = diskOfferingDetailsDao.findZoneIds(sourceOffering.getId());
+        }
+        return zoneIds;
+    }
+
+    private boolean resolveLocalStorageRequired(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        if (cmd.getStorageType() != null) {
+            return ServiceOffering.StorageType.local.toString().equalsIgnoreCase(cmd.getStorageType());
+        }
+        return sourceOffering.isUseLocalStorage();
+    }
+
+    private String resolveCacheMode(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        if (cmd.getCacheMode() != null) {
+            return cmd.getCacheMode();
+        }
+        if (sourceOffering.getCacheMode() != null) {
+            return sourceOffering.getCacheMode().toString();
+        }
+        return null;
+    }
+
+    private Long resolveStoragePolicyForDiskOffering(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        Long storagePolicy = cmd.getStoragePolicy();
+        if (storagePolicy == null) {
+            String storagePolicyStr = diskOfferingDetailsDao.getDetail(sourceOffering.getId(), ApiConstants.STORAGE_POLICY);
+            if (storagePolicyStr != null) {
+                storagePolicy = Long.parseLong(storagePolicyStr);
+            }
+        }
+        return storagePolicy;
+    }
+
+    private ClonedDiskIopsParams resolveDiskIopsParams(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        final ClonedDiskIopsParams params = new ClonedDiskIopsParams();
+
+        params.minIops = getOrDefault(cmd.getMinIops(), sourceOffering.getMinIops());
+        params.maxIops = getOrDefault(cmd.getMaxIops(), sourceOffering.getMaxIops());
+        params.iopsReadRate = getOrDefault(cmd.getIopsReadRate(), sourceOffering.getIopsReadRate());
+        params.iopsReadRateMax = getOrDefault(cmd.getIopsReadRateMax(), sourceOffering.getIopsReadRateMax());
+        params.iopsReadRateMaxLength = getOrDefault(cmd.getIopsReadRateMaxLength(), sourceOffering.getIopsReadRateMaxLength());
+        params.iopsWriteRate = getOrDefault(cmd.getIopsWriteRate(), sourceOffering.getIopsWriteRate());
+        params.iopsWriteRateMax = getOrDefault(cmd.getIopsWriteRateMax(), sourceOffering.getIopsWriteRateMax());
+        params.iopsWriteRateMaxLength = getOrDefault(cmd.getIopsWriteRateMaxLength(), sourceOffering.getIopsWriteRateMaxLength());
+
+        return params;
+    }
+
+    private ClonedDiskRateParams resolveDiskRateParams(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        final ClonedDiskRateParams params = new ClonedDiskRateParams();
+
+        params.bytesReadRate = getOrDefault(cmd.getBytesReadRate(), sourceOffering.getBytesReadRate());
+        params.bytesReadRateMax = getOrDefault(cmd.getBytesReadRateMax(), sourceOffering.getBytesReadRateMax());
+        params.bytesReadRateMaxLength = getOrDefault(cmd.getBytesReadRateMaxLength(), sourceOffering.getBytesReadRateMaxLength());
+        params.bytesWriteRate = getOrDefault(cmd.getBytesWriteRate(), sourceOffering.getBytesWriteRate());
+        params.bytesWriteRateMax = getOrDefault(cmd.getBytesWriteRateMax(), sourceOffering.getBytesWriteRateMax());
+        params.bytesWriteRateMaxLength = getOrDefault(cmd.getBytesWriteRateMaxLength(), sourceOffering.getBytesWriteRateMaxLength());
+
+        return params;
+    }
+
+    private Map<String, String> mergeDiskOfferingDetails(CloneDiskOfferingCmd cmd, DiskOfferingVO sourceOffering) {
+        final Map<String, String> cmdDetails = cmd.getDetails();
+        final Map<String, String> mergedDetails = new HashMap<>();
+
+        if (cmdDetails == null || cmdDetails.isEmpty()) {
+            Map<String, String> sourceDetails = diskOfferingDetailsDao.listDetailsKeyPairs(sourceOffering.getId());
+            if (sourceDetails != null) {
+                mergedDetails.putAll(sourceDetails);
+            }
+        } else {
+            mergedDetails.putAll(cmdDetails);
+        }
+
+        return mergedDetails;
+    }
+
+    // Helper classes for disk offering parameters
+    private static class ClonedDiskIopsParams {
+        Long minIops;
+        Long maxIops;
+        Long iopsReadRate;
+        Long iopsReadRateMax;
+        Long iopsReadRateMaxLength;
+        Long iopsWriteRate;
+        Long iopsWriteRateMax;
+        Long iopsWriteRateMaxLength;
+    }
+
+    private static class ClonedDiskRateParams {
+        Long bytesReadRate;
+        Long bytesReadRateMax;
+        Long bytesReadRateMaxLength;
+        Long bytesWriteRate;
+        Long bytesWriteRateMax;
+        Long bytesWriteRateMaxLength;
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_SERVICE_OFFERING_EDIT, eventDescription = "updating service offering")
     public ServiceOffering updateServiceOffering(final UpdateServiceOfferingCmd cmd) {
@@ -6590,7 +7047,7 @@ public void checkZoneAccess(final Account caller, final DataCenter zone) {
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_NETWORK_OFFERING_CREATE, eventDescription = "creating network offering")
-    public NetworkOffering createNetworkOffering(final CreateNetworkOfferingCmd cmd) {
+    public NetworkOffering createNetworkOffering(final NetworkOfferingBaseCmd cmd) {
         final String name = cmd.getNetworkOfferingName();
         final String displayText = cmd.getDisplayText();
         final NetUtils.InternetProtocol internetProtocol = NetUtils.InternetProtocol.fromValue(cmd.getInternetProtocol());
@@ -7827,6 +8284,431 @@ public boolean deleteNetworkOffering(final DeleteNetworkOfferingCmd cmd) {
         }
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_NETWORK_OFFERING_CLONE, eventDescription = "cloning network offering")
+    public NetworkOffering cloneNetworkOffering(final CloneNetworkOfferingCmd cmd) {
+        final Long sourceOfferingId = cmd.getSourceOfferingId();
+
+        final NetworkOfferingVO sourceOffering = _networkOfferingDao.findById(sourceOfferingId);
+        if (sourceOffering == null) {
+            throw new InvalidParameterValueException("Unable to find network offering with id " + sourceOfferingId);
+        }
+
+        String name = cmd.getNetworkOfferingName();
+        if (name == null || name.isEmpty()) {
+            throw new InvalidParameterValueException("Name is required when cloning a network offering");
+        }
+
+        NetworkOfferingVO existing = _networkOfferingDao.findByUniqueName(name);
+        if (existing != null) {
+            throw new InvalidParameterValueException("Network offering with name '" + name + "' already exists");
+        }
+
+        logger.info("Cloning network offering {} (id: {}) to new offering with name: {}",
+                    sourceOffering.getName(), sourceOfferingId, name);
+
+        Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap =
+                _networkModel.getNetworkOfferingServiceProvidersMap(sourceOfferingId);
+
+        validateProvider(sourceOffering, sourceServiceProviderMap, cmd.getProvider(), cmd.getNetworkMode());
+
+        applySourceOfferingValuesToCloneCmd(cmd, sourceServiceProviderMap, sourceOffering);
+
+        return createNetworkOffering(cmd);
+    }
+
+    private void validateProvider(NetworkOfferingVO sourceOffering,
+                                  Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap,
+                                  String detectedProvider, String networkMode) {
+
+        detectedProvider = getExternalNetworkProvider(detectedProvider, sourceServiceProviderMap);
+        // If this is an NSX/Netris offering, prevent network mode changes
+        if (detectedProvider != null && (detectedProvider.equals("NSX") || detectedProvider.equals("Netris"))) {
+            if (networkMode != null && sourceOffering.getNetworkMode() != null) {
+                if (!networkMode.equalsIgnoreCase(sourceOffering.getNetworkMode().toString())) {
+                    throw new InvalidParameterValueException(
+                            String.format("Cannot change network mode when cloning %s provider network offerings. " +
+                                            "Source offering has network mode '%s', but '%s' was specified. ",
+                                    detectedProvider, sourceOffering.getNetworkMode(), networkMode));
+                }
+            }
+        }
+    }
+
+    public static String getExternalNetworkProvider(String detectedProvider,
+                                             Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap) {
+        if (StringUtils.isNotEmpty(detectedProvider)) {
+            return detectedProvider;
+        }
+
+        if (sourceServiceProviderMap == null || sourceServiceProviderMap.isEmpty()) {
+            return null;
+        }
+
+        for (Set<Provider> providers : sourceServiceProviderMap.values()) {
+            if (CollectionUtils.isEmpty(providers)) {
+                continue;
+            }
+            for (Provider provider : providers) {
+                if (provider == Provider.Nsx) {
+                    return "NSX";
+                }
+                if (provider == Provider.Netris) {
+                    return "Netris";
+                }
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Converts service provider map from internal format to API parameter format.
+     *
+     * Internal format: Map<String, List<String>> where key=serviceName, value=list of provider names
+     * API parameter format: Map where each value is a HashMap with "service" and "provider" keys
+     *
+     * Example: {"Lb": ["VirtualRouter"]} becomes {0: {"service": "Lb", "provider": "VirtualRouter"}}
+     */
+    private Map<String, Map<String, String>> convertToApiParameterFormat(Map<String, List<String>> serviceProviderMap) {
+        Map<String, Map<String, String>> apiFormatMap = new HashMap<>();
+        int index = 0;
+
+        for (Map.Entry<String, List<String>> entry : serviceProviderMap.entrySet()) {
+            String serviceName = entry.getKey();
+            List<String> providers = entry.getValue();
+
+            for (String provider : providers) {
+                Map<String, String> serviceProviderEntry = new HashMap<>();
+                serviceProviderEntry.put("service", serviceName);
+                serviceProviderEntry.put("provider", provider);
+                apiFormatMap.put(String.valueOf(index), serviceProviderEntry);
+                index++;
+            }
+        }
+
+        return apiFormatMap;
+    }
+
+    private void applySourceOfferingValuesToCloneCmd(CloneNetworkOfferingCmd cmd,
+                                                     Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap,
+                                                     NetworkOfferingVO sourceOffering) {
+        Long sourceOfferingId = sourceOffering.getId();
+
+        // Build final services list with add/drop support
+        List<String> finalServices = resolveFinalServicesList(cmd, sourceServiceProviderMap);
+
+        Map<String, List<String>> finalServiceProviderMap = resolveServiceProviderMap(cmd, sourceServiceProviderMap, finalServices);
+
+        Map<String, Map<String, String>> sourceServiceCapabilityList = reconstructNetworkServiceCapabilityList(sourceOffering);
+
+        Map<String, String> sourceDetailsMap = getSourceOfferingDetails(sourceOfferingId);
+
+        List<Long> sourceDomainIds = networkOfferingDetailsDao.findDomainIds(sourceOfferingId);
+        List<Long> sourceZoneIds = networkOfferingDetailsDao.findZoneIds(sourceOfferingId);
+
+        applyResolvedValuesToCommand(cmd, sourceOffering, finalServices, finalServiceProviderMap,
+            sourceServiceCapabilityList, sourceDetailsMap, sourceDomainIds, sourceZoneIds);
+    }
+
+    private Map<String, String> getSourceOfferingDetails(Long sourceOfferingId) {
+        List<NetworkOfferingDetailsVO> sourceDetailsVOs = networkOfferingDetailsDao.listDetails(sourceOfferingId);
+        Map<String, String> sourceDetailsMap = new HashMap<>();
+        for (NetworkOfferingDetailsVO detailVO : sourceDetailsVOs) {
+            sourceDetailsMap.put(detailVO.getName(), detailVO.getValue());
+        }
+        return sourceDetailsMap;
+    }
+
+    private List<String> resolveFinalServicesList(CloneNetworkOfferingCmd cmd,
+            Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap) {
+
+        List<String> cmdServices = cmd.getSupportedServices();
+        List<String> addServices = cmd.getAddServices();
+        List<String> dropServices = cmd.getDropServices();
+
+        if (cmdServices != null && !cmdServices.isEmpty()) {
+            return cmdServices;
+        }
+
+        List<String> finalServices = new ArrayList<>();
+        for (Network.Service service : sourceServiceProviderMap.keySet()) {
+            if (service != Network.Service.Gateway) {
+                finalServices.add(service.getName());
+            }
+        }
+
+        if (dropServices != null && !dropServices.isEmpty()) {
+            List<String> normalizedDropServices = new ArrayList<>();
+            for (String serviceName : dropServices) {
+                Network.Service service = Network.Service.getService(serviceName);
+                if (service == null) {
+                    throw new InvalidParameterValueException("Invalid service name in dropServices: " + serviceName);
+                }
+                normalizedDropServices.add(service.getName());
+            }
+            finalServices.removeAll(normalizedDropServices);
+            logger.debug("Dropped services from clone: {}", normalizedDropServices);
+        }
+
+        if (addServices != null && !addServices.isEmpty()) {
+            List<String> normalizedAddServices = new ArrayList<>();
+            for (String serviceName : addServices) {
+                Network.Service service = Network.Service.getService(serviceName);
+                if (service == null) {
+                    throw new InvalidParameterValueException("Invalid service name in addServices: " + serviceName);
+                }
+                String canonicalName = service.getName();
+                if (!finalServices.contains(canonicalName)) {
+                    finalServices.add(canonicalName);
+                    normalizedAddServices.add(canonicalName);
+                }
+            }
+            logger.debug("Added services to clone: {}", normalizedAddServices);
+        }
+
+        return finalServices;
+    }
+
+    private Map<String, List<String>> resolveServiceProviderMap(CloneNetworkOfferingCmd cmd,
+            Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap, List<String> finalServices) {
+
+        if (cmd.getServiceProviders() != null && !cmd.getServiceProviders().isEmpty()) {
+            return cmd.getServiceProviders();
+        }
+
+        Map<String, List<String>> finalMap = new HashMap<>();
+        for (Map.Entry<Network.Service, Set<Network.Provider>> entry : sourceServiceProviderMap.entrySet()) {
+            String serviceName = entry.getKey().getName();
+            if (finalServices.contains(serviceName)) {
+                List<String> providers = new ArrayList<>();
+                for (Network.Provider provider : entry.getValue()) {
+                    providers.add(provider.getName());
+                }
+                finalMap.put(serviceName, providers);
+            }
+        }
+
+        return finalMap;
+    }
+
+    private void applyResolvedValuesToCommand(CloneNetworkOfferingCmd cmd, NetworkOfferingVO sourceOffering,
+            List<String> finalServices, Map<String, List<String>> finalServiceProviderMap, Map<String, Map<String, String>> sourceServiceCapabilityList,
+            Map<String, String> sourceDetailsMap, List<Long> sourceDomainIds, List<Long> sourceZoneIds) {
+
+        try {
+            Map<String, String> requestParams = cmd.getFullUrlParams();
+
+            if (cmd.getSupportedServices() == null || cmd.getSupportedServices().isEmpty()) {
+                setField(cmd, "supportedServices", finalServices);
+            }
+            if (cmd.getServiceProviders() == null || cmd.getServiceProviders().isEmpty()) {
+                Map<String, Map<String, String>> apiFormatMap = convertToApiParameterFormat(finalServiceProviderMap);
+                setField(cmd, "serviceProviderList", apiFormatMap);
+            }
+
+            boolean hasCapabilityParams = requestParams.keySet().stream()
+                .anyMatch(key -> key.startsWith(ApiConstants.SERVICE_CAPABILITY_LIST));
+
+            if (!hasCapabilityParams && sourceServiceCapabilityList != null && !sourceServiceCapabilityList.isEmpty()) {
+                // Filter capabilities to only include those for services in the final service list
+                // This ensures that if services are dropped, their capabilities are also removed
+                Map<String, Map<String, String>> filteredCapabilities = new HashMap<>();
+                for (Map.Entry<String, Map<String, String>> entry : sourceServiceCapabilityList.entrySet()) {
+                    Map<String, String> capabilityMap = entry.getValue();
+                    String serviceName = capabilityMap.get("service");
+                    if (serviceName != null && finalServices.contains(serviceName)) {
+                        filteredCapabilities.put(entry.getKey(), capabilityMap);
+                    }
+                }
+
+                if (!filteredCapabilities.isEmpty()) {
+                    setField(cmd, "serviceCapabilitiesList", filteredCapabilities);
+                }
+            }
+
+            applyIfNotProvided(cmd, requestParams, "displayText", ApiConstants.DISPLAY_TEXT, cmd.getDisplayText(), sourceOffering.getDisplayText());
+            applyIfNotProvided(cmd, requestParams, "traffictype", ApiConstants.TRAFFIC_TYPE, cmd.getTraffictype(), sourceOffering.getTrafficType().toString());
+            applyIfNotProvided(cmd, requestParams, "tags", ApiConstants.TAGS, cmd.getTags(), sourceOffering.getTags());
+            applyIfNotProvided(cmd, requestParams, "availability", ApiConstants.AVAILABILITY, cmd.getAvailability(), Availability.Optional.toString());
+            applyIfNotProvided(cmd, requestParams, "networkRate", ApiConstants.NETWORKRATE, cmd.getNetworkRate(), sourceOffering.getRateMbps());
+            applyIfNotProvided(cmd, requestParams, "serviceOfferingId", ApiConstants.SERVICE_OFFERING_ID, cmd.getServiceOfferingId(), sourceOffering.getServiceOfferingId());
+            applyIfNotProvided(cmd, requestParams, "guestIptype", ApiConstants.GUEST_IP_TYPE, cmd.getGuestIpType(), sourceOffering.getGuestType().toString());
+            applyIfNotProvided(cmd, requestParams, "maxConnections", ApiConstants.MAX_CONNECTIONS, cmd.getMaxconnections(), sourceOffering.getConcurrentConnections());
+
+            applyBooleanIfNotProvided(cmd, requestParams, "specifyVlan", ApiConstants.SPECIFY_VLAN, sourceOffering.isSpecifyVlan());
+            applyBooleanIfNotProvided(cmd, requestParams, "conserveMode", ApiConstants.CONSERVE_MODE, sourceOffering.isConserveMode());
+            applyBooleanIfNotProvided(cmd, requestParams, "specifyIpRanges", ApiConstants.SPECIFY_IP_RANGES, sourceOffering.isSpecifyIpRanges());
+            applyBooleanIfNotProvided(cmd, requestParams, "isPersistent", ApiConstants.IS_PERSISTENT, sourceOffering.isPersistent());
+            applyBooleanIfNotProvided(cmd, requestParams, "forVpc", ApiConstants.FOR_VPC, sourceOffering.isForVpc());
+            applyBooleanIfNotProvided(cmd, requestParams, "egressDefaultPolicy", ApiConstants.EGRESS_DEFAULT_POLICY, sourceOffering.isEgressDefaultPolicy());
+            applyBooleanIfNotProvided(cmd, requestParams, "keepAliveEnabled", ApiConstants.KEEPALIVE_ENABLED, sourceOffering.isKeepAliveEnabled());
+            applyBooleanIfNotProvided(cmd, requestParams, "enable", ApiConstants.ENABLE, sourceOffering.getState() == NetworkOffering.State.Enabled);
+            applyBooleanIfNotProvided(cmd, requestParams, "specifyAsNumber", ApiConstants.SPECIFY_AS_NUMBER, sourceOffering.isSpecifyAsNumber());
+
+            if (!requestParams.containsKey(ApiConstants.INTERNET_PROTOCOL)) {
+                String internetProtocol = networkOfferingDetailsDao.getDetail(sourceOffering.getId(), Detail.internetProtocol);
+                if (internetProtocol != null) {
+                    setField(cmd, "internetProtocol", internetProtocol);
+                }
+            }
+
+            if (!requestParams.containsKey(ApiConstants.NETWORK_MODE) && sourceOffering.getNetworkMode() != null) {
+                setField(cmd, "networkMode", sourceOffering.getNetworkMode().toString());
+            }
+
+            if (!requestParams.containsKey(ApiConstants.ROUTING_MODE) && sourceOffering.getRoutingMode() != null) {
+                setField(cmd, "routingMode", sourceOffering.getRoutingMode().toString());
+            }
+
+            if (cmd.getDetails() == null || cmd.getDetails().isEmpty()) {
+                if (!sourceDetailsMap.isEmpty()) {
+                    setField(cmd, "details", sourceDetailsMap);
+                }
+            }
+
+            if (cmd.getDomainIds() == null || cmd.getDomainIds().isEmpty()) {
+                if (sourceDomainIds != null && !sourceDomainIds.isEmpty()) {
+                    setField(cmd, "domainIds", sourceDomainIds);
+                }
+            }
+            if (cmd.getZoneIds() == null || cmd.getZoneIds().isEmpty()) {
+                if (sourceZoneIds != null && !sourceZoneIds.isEmpty()) {
+                    setField(cmd, "zoneIds", sourceZoneIds);
+                }
+            }
+
+        } catch (Exception e) {
+            logger.warn("Failed to apply some source offering parameters during clone: {}", e.getMessage());
+        }
+    }
+
+    /**
+     * Reconstructs the service capability list from the source network offering's stored capability flags.
+     * These capabilities were originally passed during creation and stored as boolean flags in the offering.
+     *
+     * Returns a Map in the format expected by CreateNetworkOfferingCmd.serviceCapabilitystList:
+     * Map where each value is a HashMap with keys: "service", "capabilitytype", "capabilityvalue"
+     */
+    private Map<String, Map<String, String>> reconstructNetworkServiceCapabilityList(NetworkOfferingVO sourceOffering) {
+        Map<String, Map<String, String>> capabilityList = new HashMap<>();
+        int index = 0;
+
+        if (sourceOffering.isDedicatedLB()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.Lb.getName());
+            cap.put("capabilitytype", Network.Capability.SupportedLBIsolation.getName());
+            cap.put("capabilityvalue", "dedicated");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+        if (sourceOffering.isElasticLb()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.Lb.getName());
+            cap.put("capabilitytype", Network.Capability.ElasticLb.getName());
+            cap.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+        if (sourceOffering.isInline()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.Lb.getName());
+            cap.put("capabilitytype", Network.Capability.InlineMode.getName());
+            cap.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+        if (sourceOffering.isPublicLb() || sourceOffering.isInternalLb()) {
+            List<String> schemes = new ArrayList<>();
+            if (sourceOffering.isPublicLb()) schemes.add("public");
+            if (sourceOffering.isInternalLb()) schemes.add("internal");
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.Lb.getName());
+            cap.put("capabilitytype", Network.Capability.LbSchemes.getName());
+            cap.put("capabilityvalue", String.join(",", schemes));
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+        if (sourceOffering.isSupportsVmAutoScaling()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.Lb.getName());
+            cap.put("capabilitytype", Network.Capability.VmAutoScaling.getName());
+            cap.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+
+        if (sourceOffering.isSharedSourceNat()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.SourceNat.getName());
+            cap.put("capabilitytype", Network.Capability.SupportedSourceNatTypes.getName());
+            cap.put("capabilityvalue", "perzone");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+
+        if (sourceOffering.isRedundantRouter()) {
+            Map<String, String> cap1 = new HashMap<>();
+            cap1.put("service", Network.Service.SourceNat.getName());
+            cap1.put("capabilitytype", Network.Capability.RedundantRouter.getName());
+            cap1.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap1);
+
+            Map<String, String> cap2 = new HashMap<>();
+            cap2.put("service", Network.Service.Gateway.getName());
+            cap2.put("capabilitytype", Network.Capability.RedundantRouter.getName());
+            cap2.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap2);
+        }
+
+        if (sourceOffering.isElasticIp()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.StaticNat.getName());
+            cap.put("capabilitytype", Network.Capability.ElasticIp.getName());
+            cap.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+
+        if (sourceOffering.isElasticIp() && sourceOffering.isAssociatePublicIP()) {
+            Map<String, String> cap = new HashMap<>();
+            cap.put("service", Network.Service.StaticNat.getName());
+            cap.put("capabilitytype", Network.Capability.AssociatePublicIP.getName());
+            cap.put("capabilityvalue", "true");
+            capabilityList.put(String.valueOf(index++), cap);
+        }
+
+        return capabilityList;
+    }
+
+    public static void applyIfNotProvided(Object cmd, Map<String, String> requestParams, String fieldName,
+            String apiConstant, Object currentValue, Object sourceValue) throws Exception {
+        if ((requestParams == null || !requestParams.containsKey(apiConstant)) && sourceValue != null) {
+            setField(cmd, fieldName, sourceValue);
+        }
+    }
+
+    public static void applyBooleanIfNotProvided(Object cmd, Map<String, String> requestParams,
+            String fieldName, String apiConstant, Boolean sourceValue) throws Exception {
+        if ((requestParams == null || !requestParams.containsKey(apiConstant)) && sourceValue != null) {
+            setField(cmd, fieldName, sourceValue);
+        }
+    }
+
+    public static void setField(Object obj, String fieldName, Object value) throws Exception {
+        Field field = findField(obj.getClass(), fieldName);
+        if (field == null) {
+            throw new NoSuchFieldException("Field '" + fieldName + "' not found in class hierarchy of " + obj.getClass().getName());
+        }
+        field.setAccessible(true);
+        field.set(obj, value);
+    }
+
+    public static Field findField(Class<?> clazz, String fieldName) {
+        Class<?> currentClass = clazz;
+        while (currentClass != null) {
+            try {
+                return currentClass.getDeclaredField(fieldName);
+            } catch (NoSuchFieldException e) {
+                currentClass = currentClass.getSuperclass();
+            }
+        }
+        return null;
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_NETWORK_OFFERING_EDIT, eventDescription = "updating network offering")
     public NetworkOffering updateNetworkOffering(final UpdateNetworkOfferingCmd cmd) {
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
index 20ca189994ef..7f41a1a106cb 100644
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -1543,6 +1543,14 @@ public IPAddressVO doInTransaction(TransactionStatus status) throws Insufficient
         return ipaddr;
     }
 
+    protected IPAddressVO getExistingSourceNatInVPC(Long vpcId) {
+        List<IPAddressVO> ips = _ipAddressDao.listByAssociatedVpc(vpcId, true);
+        if (CollectionUtils.isEmpty(ips)) {
+            return null;
+        }
+        return ips.get(0);
+    }
+
     protected IPAddressVO getExistingSourceNatInNetwork(long ownerId, Long networkId) {
         List<? extends IpAddress> addrs;
         Network guestNetwork = _networksDao.findById(networkId);
@@ -1723,7 +1731,11 @@ protected boolean isSourceNatAvailableForNetwork(Account owner, IPAddressVO ipTo
         NetworkOffering offering = _networkOfferingDao.findById(network.getNetworkOfferingId());
         boolean sharedSourceNat = offering.isSharedSourceNat();
         boolean isSourceNat = false;
-        if (!sharedSourceNat) {
+        if (network.getVpcId() != null) {
+            // For VPCs: Check if the VPC Source NAT IP address is the same we are associating
+            IPAddressVO vpcSourceNatIpAddress = getExistingSourceNatInVPC(network.getVpcId());
+            isSourceNat = vpcSourceNatIpAddress != null && vpcSourceNatIpAddress.getId() == ipToAssoc.getId();
+        } else if (!sharedSourceNat) {
             if (getExistingSourceNatInNetwork(owner.getId(), network.getId()) == null) {
                 if (network.getGuestType() == GuestType.Isolated && network.getVpcId() == null && !ipToAssoc.isPortable()) {
                     isSourceNat = true;
@@ -2647,4 +2659,31 @@ public void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO>
         });
     }
 
+    @Override
+    public Long getPreferredNetworkIdForPublicIpRuleAssignment(IpAddress ip, Long networkId) {
+        boolean vpcConserveMode = isPublicIpOnVpcConserveMode(ip);
+        return getPreferredNetworkIdForRule(ip, vpcConserveMode, networkId);
+    }
+
+    protected Long getPreferredNetworkIdForRule(IpAddress ip, boolean vpcConserveModeEnabled, Long networkId) {
+        if (vpcConserveModeEnabled) {
+            // Since VPC Conserve mode allows rules from multiple VPC tiers, always check the networkId parameter first
+            return networkId != null ? networkId : ip.getAssociatedWithNetworkId();
+        } else {
+            // In case of Guest Networks or VPC Tier Networks VPC Conserve mode disabled prefer the associated networkId
+            return ip.getAssociatedWithNetworkId() != null ? ip.getAssociatedWithNetworkId() : networkId;
+        }
+    }
+
+    protected boolean isPublicIpOnVpcConserveMode(IpAddress ip) {
+        if (ip.getVpcId() == null) {
+            return false;
+        }
+        Vpc vpc =  _vpcMgr.getActiveVpc(ip.getVpcId());
+        if (vpc == null) {
+            return false;
+        }
+        VpcOffering vpcOffering = vpcOfferingDao.findById(vpc.getVpcOfferingId());
+        return vpcOffering != null && vpcOffering.isConserveMode();
+    }
 }
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index b959cc478d6f..0a2e679b723e 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -6434,6 +6434,11 @@ public String getNicVlanValueForExternalVm(NicTO nic) {
         return Networks.BroadcastDomainType.getValue(nic.getBroadcastUri());
     }
 
+    @Override
+    public Long getPreferredNetworkIdForPublicIpRuleAssignment(IpAddress ip, Long networkId) {
+        return _ipAddrMgr.getPreferredNetworkIdForPublicIpRuleAssignment(ip, networkId);
+    }
+
     @Override
     public Network.IpAddresses getIpAddressesFromIps(String ipAddress, String ip6Address, String macAddress) {
         if (ip6Address != null) {
diff --git a/server/src/main/java/com/cloud/network/as/AutoScaleManagerImpl.java b/server/src/main/java/com/cloud/network/as/AutoScaleManagerImpl.java
index 805a897e0806..805ac4aed86c 100644
--- a/server/src/main/java/com/cloud/network/as/AutoScaleManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/as/AutoScaleManagerImpl.java
@@ -2051,7 +2051,7 @@ private boolean assignLBruleToNewVm(long vmId, AutoScaleVmGroupVO asGroup) {
         }
         lstVmId.add(new Long(vmId));
         try {
-            return loadBalancingRulesService.assignToLoadBalancer(lbId, lstVmId, new HashMap<>(), true);
+            return loadBalancingRulesService.assignToLoadBalancer(lbId, lstVmId, new HashMap<>(), null, true);
         } catch (CloudRuntimeException ex) {
             logger.warn("Caught exception: ", ex);
             return false;
diff --git a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
index 00863c28dd22..779d26d51f1c 100644
--- a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java
@@ -30,6 +30,8 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.network.vpc.Vpc;
+import com.cloud.network.vpc.dao.VpcOfferingDao;
 import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.stereotype.Component;
 
@@ -159,6 +161,8 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService,
     IpAddressManager _ipAddrMgr;
     @Inject
     RoutedIpv4Manager routedIpv4Manager;
+    @Inject
+    VpcOfferingDao vpcOfferingDao;
 
     private boolean _elbEnabled = false;
     static Boolean rulesContinueOnErrFlag = true;
@@ -395,6 +399,10 @@ public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflict
             assert (rules.size() >= 1);
         }
 
+        NetworkVO newRuleNetwork = getNewRuleNetwork(newRule);
+        boolean newRuleIsOnVpcNetwork = newRuleNetwork.getVpcId() != null;
+        boolean vpcConserveModeEnabled = _vpcMgr.isNetworkOnVpcEnabledConserveMode(newRuleNetwork);
+
         for (FirewallRuleVO rule : rules) {
             if (rule.getId() == newRule.getId()) {
                 continue; // Skips my own rule.
@@ -443,8 +451,15 @@ public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflict
             }
 
             // Checking if the rule applied is to the same network that is passed in the rule.
-            if (rule.getNetworkId() != newRule.getNetworkId() && rule.getState() != State.Revoke) {
-                throw new NetworkRuleConflictException("New rule is for a different network than what's specified in rule " + rule.getXid());
+            // (except for VPCs with conserve mode = true)
+            if ((!newRuleIsOnVpcNetwork || !vpcConserveModeEnabled)
+                    && rule.getNetworkId() != newRule.getNetworkId() && rule.getState() != State.Revoke) {
+                String errMsg = String.format("New rule is for a different network than what's specified in rule %s", rule.getXid());
+                if (newRuleIsOnVpcNetwork) {
+                    Vpc vpc = _vpcMgr.getActiveVpc(newRuleNetwork.getVpcId());
+                    errMsg += String.format(" - VPC id=%s is not using conserve mode", vpc.getUuid());
+                }
+                throw new NetworkRuleConflictException(errMsg);
             }
 
             //Check for the ICMP protocol. This has to be done separately from other protocols as we need to check the ICMP codes and ICMP type also.
@@ -493,6 +508,14 @@ public void detectRulesConflict(FirewallRule newRule) throws NetworkRuleConflict
         }
     }
 
+    protected NetworkVO getNewRuleNetwork(FirewallRule newRule) {
+        NetworkVO newRuleNetwork = _networkDao.findById(newRule.getNetworkId());
+        if (newRuleNetwork == null) {
+            throw new InvalidParameterValueException("Unable to create firewall rule as cannot find network by id=" + newRule.getNetworkId());
+        }
+        return newRuleNetwork;
+    }
+
     protected boolean checkIfRulesHaveConflictingPortRanges(FirewallRule newRule, FirewallRule rule, boolean oneOfRulesIsFirewall, boolean bothRulesFirewall, boolean bothRulesPortForwarding, boolean duplicatedCidrs) {
         String rulesAsString = String.format("[%s] and [%s]", rule, newRule);
 
diff --git a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
index ced1d781ab57..5f00261f3290 100644
--- a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -53,6 +53,8 @@
 import org.apache.cloudstack.lb.dao.ApplicationLoadBalancerRuleDao;
 import org.apache.cloudstack.utils.reflectiontostringbuilderutils.ReflectionToStringBuilderUtils;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 
 import com.cloud.agent.api.to.LoadBalancerTO;
@@ -1018,7 +1020,7 @@ private boolean isRollBackAllowedForProvider(LoadBalancerVO loadBalancer) {
     @Override
     @DB
     @ActionEvent(eventType = EventTypes.EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, eventDescription = "assigning to load balancer", async = true)
-    public boolean assignToLoadBalancer(long loadBalancerId, List<Long> instanceIds, Map<Long, List<String>> vmIdIpMap, boolean isAutoScaleVM) {
+    public boolean assignToLoadBalancer(long loadBalancerId, List<Long> instanceIds, Map<Long, List<String>> vmIdIpMap, Map<Long, Long> vmIdNetworkMap, boolean isAutoScaleVM) {
         CallContext ctx = CallContext.current();
         Account caller = ctx.getCallingAccount();
 
@@ -1091,28 +1093,12 @@ public boolean assignToLoadBalancer(long loadBalancerId, List<Long> instanceIds,
             _rulesMgr.checkRuleAndUserVm(loadBalancer, vm, caller);
 
             Account vmOwner = _accountDao.findById(vm.getAccountId());
-            Network network = _networkDao.findById(loadBalancer.getNetworkId());
-            _accountMgr.checkAccess(vmOwner, SecurityChecker.AccessType.UseEntry, false, network);
-
-            // Let's check to make sure the vm has a nic in the same network as
-            // the load balancing rule.
-            List<? extends Nic> nics = _networkModel.getNics(vm.getId());
-            Nic nicInSameNetwork = null;
-            for (Nic nic : nics) {
-                if (nic.getNetworkId() == loadBalancer.getNetworkId()) {
-                    nicInSameNetwork = nic;
-                    break;
-                }
-            }
+            Network loadBalancerNetwork = _networkDao.findById(loadBalancer.getNetworkId());
+            _accountMgr.checkAccess(vmOwner, SecurityChecker.AccessType.UseEntry, false, loadBalancerNetwork);
 
-            if (nicInSameNetwork == null) {
-                InvalidParameterValueException ex =
-                        new InvalidParameterValueException("VM with id specified cannot be added because it doesn't belong in the same network.");
-                ex.addProxyObject(vm.getUuid(), "instanceId");
-                throw ex;
-            }
+            Nic vmNicInLb = getVmNicInLoadBalancer(vm, loadBalancer, loadBalancerNetwork, vmIdNetworkMap, vmOwner);
 
-            String priIp = nicInSameNetwork.getIPv4Address();
+            String priIp = vmNicInLb.getIPv4Address();
 
             if (existingVmIdIps.containsKey(instanceId)) {
                 // now check for ip address
@@ -1142,9 +1128,9 @@ public boolean assignToLoadBalancer(long loadBalancerId, List<Long> instanceIds,
                     if (ip.equals(priIp)) {
                         continue;
                     }
-                    if(_nicSecondaryIpDao.findByIp4AddressAndNicId(ip,nicInSameNetwork.getId()) == null) {
+                    if(_nicSecondaryIpDao.findByIp4AddressAndNicId(ip,vmNicInLb.getId()) == null) {
                         throw new InvalidParameterValueException("Instance IP "+ ip + " specified does not belong to " +
-                                "NIC in Network " + nicInSameNetwork.getNetworkId());
+                                "NIC in Network " + vmNicInLb.getNetworkId());
                     }
                 }
             } else {
@@ -1234,6 +1220,63 @@ public void doInTransactionWithoutResult(TransactionStatus status) {
         return success;
     }
 
+    protected Nic getVmNicInLoadBalancer(UserVm vm, LoadBalancerVO loadBalancer, Network loadBalancerNetwork, Map<Long, Long> vmIdNetworkMap, Account vmOwner) {
+        boolean isVpcConserveModeEnabled = _vpcMgr.isNetworkOnVpcEnabledConserveMode(loadBalancerNetwork);
+
+        boolean isNetworkPassedVpcConserveMode = isVpcConserveModeEnabled && MapUtils.isNotEmpty(vmIdNetworkMap) && vmIdNetworkMap.containsKey(vm.getId());
+        Nic vmNicInLb = isNetworkPassedVpcConserveMode ?
+                getNicForVmInVpcConserveModeTierNetwork(vm, vmIdNetworkMap, vmOwner, loadBalancerNetwork) :
+                getNicForVmLbNetwork(vm, loadBalancer);
+
+        if (vmNicInLb == null) {
+            String msg = !isVpcConserveModeEnabled ?
+                    "VM with id specified cannot be added because it doesn't belong in the same network." :
+                    "VM with id specified cannot be added to the load balancing rule for VPC Conserve Mode.";
+            InvalidParameterValueException ex = new InvalidParameterValueException(msg);
+            ex.addProxyObject(vm.getUuid(), "instanceId");
+            throw ex;
+        }
+        return vmNicInLb;
+    }
+
+    /**
+     * For Isolated Networks or Network tiers of VPCs not using Conserve mode, use the same network as the load balancer
+     * @return the nic of the VM in the load balancer network
+     */
+    protected Nic getNicForVmLbNetwork(UserVm vm, LoadBalancerVO loadBalancer) {
+        List<? extends Nic> nics = _networkModel.getNics(vm.getId());
+        for (Nic nic : nics) {
+            if (nic.getNetworkId() == loadBalancer.getNetworkId()) {
+                return nic;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * On VPC Conserve Mode, VMs from multiple VPC networks tiers can be assigned to the same load balancer.
+     * @return the nic of the VM in the specified tier network in `vmIdNetworkMap`
+     */
+    protected Nic getNicForVmInVpcConserveModeTierNetwork(UserVm vm, Map<Long, Long> vmIdNetworkMap, Account vmOwner, Network loadBalancerNetwork) {
+        Long vmNetworkId = vmIdNetworkMap.get(vm.getId());
+        Network vmNetwork = _networkDao.findById(vmNetworkId);
+        _accountMgr.checkAccess(vmOwner, SecurityChecker.AccessType.UseEntry, false, vmNetwork);
+        checkNetworkBelongsToLoadBalancerVpc(vmNetwork, loadBalancerNetwork);
+        return _networkModel.getNicInNetwork(vm.getId(), vmNetworkId);
+    }
+
+    protected void checkNetworkBelongsToLoadBalancerVpc(Network vmNetwork, Network loadBalancerNetwork) {
+        if (ObjectUtils.anyNull(vmNetwork, loadBalancerNetwork)) {
+            throw new InvalidParameterValueException("Cannot add VM to load balancer because the VM network or load balancer network is null");
+        }
+        if (ObjectUtils.anyNull(vmNetwork.getVpcId(), loadBalancerNetwork.getVpcId())) {
+            throw new InvalidParameterValueException("Cannot add VM to load balancer because the VM network or load balancer network are not part of a VPC");
+        }
+        if (!vmNetwork.getVpcId().equals(loadBalancerNetwork.getVpcId())) {
+            throw new InvalidParameterValueException("Cannot add VM to load balancer because the VM network and load balancer network are not part of the same VPC");
+        }
+    }
+
     @Override
     public boolean assignSSLCertToLoadBalancerRule(Long lbId, String certName, String publicCert, String privateKey) {
         logger.error("Calling the manager for LB");
@@ -1740,6 +1783,8 @@ public LoadBalancer createPublicLoadBalancerRule(String xId, String name, String
             throw new NetworkRuleConflictException("Can't do load balance on IP address: " + ipVO.getAddress());
         }
 
+        verifyLoadBalancerRuleNetwork(name, network, ipVO);
+
         String cidrString = generateCidrString(cidrList);
 
         boolean performedIpAssoc = false;
@@ -1763,7 +1808,7 @@ public LoadBalancer createPublicLoadBalancerRule(String xId, String name, String
             }
 
             result = createPublicLoadBalancer(xId, name, description, srcPortStart, defPortStart, ipVO.getId(), protocol, algorithm, openFirewall, CallContext.current(),
-                    lbProtocol, forDisplay, cidrString);
+                    lbProtocol, forDisplay, cidrString, networkId);
         } catch (Exception ex) {
             logger.warn("Failed to create load balancer due to ", ex);
             if (ex instanceof NetworkRuleConflictException) {
@@ -1792,7 +1837,18 @@ public LoadBalancer createPublicLoadBalancerRule(String xId, String name, String
 
         return result;
     }
-   /**
+
+    protected void verifyLoadBalancerRuleNetwork(String lbName, Network network, IPAddressVO ipVO) {
+        boolean isVpcConserveModeEnabled = _vpcMgr.isNetworkOnVpcEnabledConserveMode(network);
+        if (!isVpcConserveModeEnabled && ipVO.getAssociatedWithNetworkId() != null && network.getId() != ipVO.getAssociatedWithNetworkId()) {
+            String msg = String.format("Cannot create Load Balancer rule %s as the IP address %s is not associated " +
+                    "with the network %s (ID=%s)", lbName, ipVO.getAddress(), network.getName(), network.getUuid());
+            logger.error(msg);
+            throw new InvalidParameterValueException(msg);
+        }
+    }
+
+    /**
     * Transforms the cidrList from a List of Strings to a String which contains all the CIDRs from cidrList separated by whitespaces. This is used to facilitate both the persistence
     * in the DB and also later when building the configuration String in the getRulesForPool method of the HAProxyConfigurator class.
    */
@@ -1826,7 +1882,7 @@ private String validateCidr(String cidr) {
     @Override
     public LoadBalancer createPublicLoadBalancer(final String xId, final String name, final String description, final int srcPort, final int destPort, final long sourceIpId,
                                                  final String protocol, final String algorithm, final boolean openFirewall, final CallContext caller, final String lbProtocol,
-                                                 final Boolean forDisplay, String cidrList) throws NetworkRuleConflictException {
+                                                 final Boolean forDisplay, String cidrList, Long networkIdParam) throws NetworkRuleConflictException {
         if (!NetUtils.isValidPort(destPort)) {
             throw new InvalidParameterValueException("privatePort is an invalid value: " + destPort);
         }
@@ -1855,7 +1911,7 @@ public LoadBalancer createPublicLoadBalancer(final String xId, final String name
 
             _accountMgr.checkAccess(caller.getCallingAccount(), null, true, ipAddr);
 
-            final Long networkId = ipAddr.getAssociatedWithNetworkId();
+            final Long networkId = _ipAddrMgr.getPreferredNetworkIdForPublicIpRuleAssignment(ipAddr, networkIdParam);
             if (networkId == null) {
                 InvalidParameterValueException ex =
                         new InvalidParameterValueException("Unable to create load balancer rule ; specified sourceip id is not associated with any network");
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 86d1fba038b7..156e71e72b8f 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -71,6 +71,7 @@
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.command.admin.vpc.CloneVPCOfferingCmd;
 import org.apache.cloudstack.api.command.admin.vpc.CreatePrivateGatewayByAdminCmd;
 import org.apache.cloudstack.api.command.admin.vpc.CreateVPCCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.vpc.CreateVPCOfferingCmd;
@@ -388,7 +389,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                     }
                     createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap,
                             true, State.Enabled, null, false,
-                            false, false, null, null, false);
+                            false, false, null, null, false, false);
                 }
 
                 // configure default vpc offering with Netscaler as LB Provider
@@ -408,7 +409,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName,
-                            svcProviderMap, false, State.Enabled, null, false, false, false, null, null, false);
+                            svcProviderMap, false, State.Enabled, null, false, false, false, null, null, false, false);
 
                 }
 
@@ -429,7 +430,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled,
-                            null, false, false, true, null, null, false);
+                            null, false, false, true, null, null, false, false);
                 }
 
                 // configure default vpc offering with NSX as network service provider in NAT mode
@@ -446,7 +447,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.DEFAULT_VPC_NAT_NSX_OFFERING_NAME, VpcOffering.DEFAULT_VPC_NAT_NSX_OFFERING_NAME, svcProviderMap, false,
-                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.NATTED, null, false);
+                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.NATTED, null, false, false);
 
                 }
 
@@ -464,7 +465,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.DEFAULT_VPC_ROUTE_NSX_OFFERING_NAME, VpcOffering.DEFAULT_VPC_ROUTE_NSX_OFFERING_NAME, svcProviderMap, false,
-                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.ROUTED, null, false);
+                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.ROUTED, null, false, false);
 
                 }
 
@@ -482,7 +483,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.DEFAULT_VPC_ROUTE_NETRIS_OFFERING_NAME, VpcOffering.DEFAULT_VPC_ROUTE_NETRIS_OFFERING_NAME, svcProviderMap, false,
-                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.ROUTED, null, false);
+                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.ROUTED, null, false, false);
 
                 }
 
@@ -500,7 +501,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                         }
                     }
                     createVpcOffering(VpcOffering.DEFAULT_VPC_NAT_NETRIS_OFFERING_NAME, VpcOffering.DEFAULT_VPC_NAT_NETRIS_OFFERING_NAME, svcProviderMap, false,
-                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.NATTED, null, false);
+                            State.Enabled, null, false, false, false, NetworkOffering.NetworkMode.NATTED, null, false, false);
 
                 }
             }
@@ -586,6 +587,7 @@ public VpcOffering createVpcOffering(CreateVPCOfferingCmd cmd) {
         }
         boolean specifyAsNumber = cmd.getSpecifyAsNumber();
         String routingModeString = cmd.getRoutingMode();
+        boolean conserveMode = cmd.isConserveMode();
 
         // check if valid domain
         if (CollectionUtils.isNotEmpty(cmd.getDomainIds())) {
@@ -624,7 +626,7 @@ public VpcOffering createVpcOffering(CreateVPCOfferingCmd cmd) {
 
         return createVpcOffering(vpcOfferingName, displayText, supportedServices,
                 serviceProviderList, serviceCapabilityList, internetProtocol, serviceOfferingId, provider, networkMode,
-                domainIds, zoneIds, (enable ? State.Enabled : State.Disabled), routingMode, specifyAsNumber);
+                domainIds, zoneIds, (enable ? State.Enabled : State.Disabled), routingMode, specifyAsNumber, conserveMode);
     }
 
     @Override
@@ -632,7 +634,13 @@ public VpcOffering createVpcOffering(CreateVPCOfferingCmd cmd) {
     public VpcOffering createVpcOffering(final String name, final String displayText, final List<String> supportedServices, final Map<String, List<String>> serviceProviders,
                                          final Map serviceCapabilityList, final NetUtils.InternetProtocol internetProtocol, final Long serviceOfferingId,
                                          final String externalProvider, final NetworkOffering.NetworkMode networkMode, List<Long> domainIds, List<Long> zoneIds, State state,
-                                         NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber) {
+                                         NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber, boolean conserveMode) {
+
+        boolean isExternalProvider = externalProvider != null &&
+                Arrays.asList("NSX", "Netris").stream().anyMatch(s -> s.equalsIgnoreCase(externalProvider));
+        if (!isExternalProvider && CollectionUtils.isEmpty(supportedServices)) {
+            throw new InvalidParameterValueException("Supported services needs to be provided");
+        }
 
         if (!Ipv6Service.Ipv6OfferingCreationEnabled.value() && !(internetProtocol == null || NetUtils.InternetProtocol.IPv4.equals(internetProtocol))) {
             throw new InvalidParameterValueException(String.format("Configuration %s needs to be enabled for creating IPv6 supported VPC offering", Ipv6Service.Ipv6OfferingCreationEnabled.key()));
@@ -727,7 +735,7 @@ public VpcOffering createVpcOffering(final String name, final String displayText
         final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilityList);
         final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilityList, redundantRouterService);
         final VpcOfferingVO offering = createVpcOffering(name, displayText, svcProviderMap, false, state, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC,
-                redundantRouter, networkMode, routingMode, specifyAsNumber);
+                redundantRouter, networkMode, routingMode, specifyAsNumber, conserveMode);
 
         if (offering != null) {
             List<VpcOfferingDetailsVO> detailsVO = new ArrayList<>();
@@ -755,7 +763,7 @@ public VpcOffering createVpcOffering(final String name, final String displayText
     @DB
     protected VpcOfferingVO createVpcOffering(final String name, final String displayText, final Map<Service, Set<Provider>> svcProviderMap,
                                               final boolean isDefault, final State state, final Long serviceOfferingId, final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                                              final boolean redundantRouter, NetworkOffering.NetworkMode networkMode, NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber) {
+                                              final boolean redundantRouter, NetworkOffering.NetworkMode networkMode, NetworkOffering.RoutingMode routingMode, boolean specifyAsNumber, boolean conserveMode) {
 
         return Transaction.execute(new TransactionCallback<VpcOfferingVO>() {
             @Override
@@ -771,6 +779,7 @@ public VpcOfferingVO doInTransaction(final TransactionStatus status) {
                 if (Objects.nonNull(routingMode)) {
                     offering.setRoutingMode(routingMode);
                 }
+                offering.setConserveMode(conserveMode);
 
                 logger.debug("Adding vpc offering " + offering);
                 offering = _vpcOffDao.persist(offering);
@@ -811,6 +820,349 @@ protected void checkCapabilityPerServiceProvider(final Set<Provider> providers,
         }
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_VPC_OFFERING_CLONE, eventDescription = "cloning VPC offering")
+    public VpcOffering cloneVPCOffering(CloneVPCOfferingCmd cmd) {
+        Long sourceVpcOfferingId = cmd.getSourceOfferingId();
+
+        final VpcOffering sourceVpcOffering = _vpcOffDao.findById(sourceVpcOfferingId);
+        if (sourceVpcOffering == null) {
+            throw new InvalidParameterValueException("Unable to find source VPC offering by id " + sourceVpcOfferingId);
+        }
+
+        String name = cmd.getVpcOfferingName();
+        if (name == null || name.isEmpty()) {
+            throw new InvalidParameterValueException("Name is required when cloning a VPC offering");
+        }
+
+        VpcOfferingVO vpcOfferingVO = _vpcOffDao.findByUniqueName(name);
+        if (vpcOfferingVO != null) {
+            throw new InvalidParameterValueException(String.format("A VPC offering with name %s already exists", name));
+        }
+
+        logger.info("Cloning VPC offering {} (id: {}) to new offering with name: {}",
+                sourceVpcOffering.getName(), sourceVpcOfferingId, name);
+
+        Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap = getVpcOffSvcProvidersMap(sourceVpcOfferingId);
+        validateProvider(sourceVpcOffering, sourceServiceProviderMap, cmd.getProvider(), cmd.getNetworkMode());
+
+        applySourceOfferingValuesToCloneCmd(cmd, sourceServiceProviderMap, sourceVpcOffering);
+
+        return createVpcOffering(cmd);
+    }
+
+    private void validateProvider(VpcOffering sourceVpcOffering,
+                                  Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap,
+                                  String provider, String networkMode) {
+        provider = ConfigurationManagerImpl.getExternalNetworkProvider(provider, sourceServiceProviderMap);
+        if (provider != null && (provider.equals("NSX") || provider.equals("Netris"))) {
+            if (networkMode != null && sourceVpcOffering.getNetworkMode() != null) {
+                if (!networkMode.equalsIgnoreCase(sourceVpcOffering.getNetworkMode().toString())) {
+                    throw new InvalidParameterValueException(
+                            String.format("Cannot change network mode when cloning %s provider VPC offerings. " +
+                                            "Source offering has network mode '%s', but '%s' was specified. ",
+                                    provider, sourceVpcOffering.getNetworkMode(), networkMode));
+                }
+            }
+        }
+    }
+
+    private void applySourceOfferingValuesToCloneCmd(CloneVPCOfferingCmd cmd,
+                                                     Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap,
+                                                     VpcOffering sourceVpcOffering) {
+        Long sourceOfferingId = sourceVpcOffering.getId();
+
+        List<String> finalServices = resolveFinalServicesList(cmd, sourceServiceProviderMap);
+
+        Map finalServiceProviderMap = resolveServiceProviderMap(cmd, sourceServiceProviderMap, finalServices);
+
+        List<Long> sourceDomainIds = vpcOfferingDetailsDao.findDomainIds(sourceOfferingId);
+        List<Long> sourceZoneIds = vpcOfferingDetailsDao.findZoneIds(sourceOfferingId);
+
+        Map<String, String> sourceServiceCapabilityList = reconstructServiceCapabilityList(sourceVpcOffering);
+
+        applyResolvedValuesToCommand(cmd, (VpcOfferingVO)sourceVpcOffering, finalServices, finalServiceProviderMap,
+                sourceDomainIds, sourceZoneIds, sourceServiceCapabilityList);
+    }
+
+    /**
+     * Reconstructs the service capability list from the source VPC offering's stored capability flags.
+     * These capabilities were originally passed during creation and stored as boolean flags in the offering.
+     *
+     * Returns a Map in the format expected by CreateVPCOfferingCmd.serviceCapabilityList:
+     * Map<String, String> with keys like "0.service", "0.capabilitytype", "0.capabilityvalue"
+     */
+    private Map<String, String> reconstructServiceCapabilityList(VpcOffering sourceOffering) {
+        Map<String, String> capabilityList = new HashMap<>();
+        int index = 0;
+
+        if (sourceOffering.isOffersRegionLevelVPC()) {
+            capabilityList.put(index + ".service", Network.Service.Connectivity.getName());
+            capabilityList.put(index + ".capabilitytype", Network.Capability.RegionLevelVpc.getName());
+            capabilityList.put(index + ".capabilityvalue", "true");
+            index++;
+        }
+
+        if (sourceOffering.isSupportsDistributedRouter()) {
+            capabilityList.put(index + ".service", Network.Service.Connectivity.getName());
+            capabilityList.put(index + ".capabilitytype", Network.Capability.DistributedRouter.getName());
+            capabilityList.put(index + ".capabilityvalue", "true");
+            index++;
+        }
+
+        if (sourceOffering.isRedundantRouter()) {
+            Map<Network.Service, Set<Network.Provider>> serviceProviderMap = getVpcOffSvcProvidersMap(sourceOffering.getId());
+
+            // Check which service has VPCVirtualRouter provider - SourceNat takes precedence
+            Network.Service redundantRouterService = null;
+            for (Network.Service service : Arrays.asList(Network.Service.SourceNat, Network.Service.Gateway, Network.Service.StaticNat)) {
+                Set<Network.Provider> providers = serviceProviderMap.get(service);
+                if (providers != null && providers.contains(Network.Provider.VPCVirtualRouter)) {
+                    redundantRouterService = service;
+                    break;
+                }
+            }
+
+            if (redundantRouterService != null) {
+                capabilityList.put(index + ".service", redundantRouterService.getName());
+                capabilityList.put(index + ".capabilitytype", Network.Capability.RedundantRouter.getName());
+                capabilityList.put(index + ".capabilityvalue", "true");
+            }
+        }
+
+        return capabilityList;
+    }
+
+    private List<String> resolveFinalServicesList(CloneVPCOfferingCmd cmd,
+                                                  Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap) {
+
+        List<String> cmdServices = cmd.getSupportedServices();
+        List<String> addServices = cmd.getAddServices();
+        List<String> dropServices = cmd.getDropServices();
+
+        if (cmdServices != null && !cmdServices.isEmpty()) {
+            return cmdServices;
+        }
+
+        List<String> finalServices = new ArrayList<>();
+        for (Network.Service service : sourceServiceProviderMap.keySet()) {
+            finalServices.add(service.getName());
+        }
+
+        if (dropServices != null && !dropServices.isEmpty()) {
+            List<String> normalizedDropServices = new ArrayList<>();
+            for (String serviceName : dropServices) {
+                Network.Service service = Network.Service.getService(serviceName);
+                if (service == null) {
+                    throw new InvalidParameterValueException("Service " + serviceName + " is not supported in VPC");
+                }
+                normalizedDropServices.add(service.getName());
+            }
+            finalServices.removeAll(normalizedDropServices);
+            logger.debug("Dropped services from clone: {}", dropServices);
+        }
+
+        if (addServices != null && !addServices.isEmpty()) {
+            List<String> normalizedAddServices = new ArrayList<>();
+            for (String serviceName : addServices) {
+                Network.Service service = Network.Service.getService(serviceName);
+                if (service == null) {
+                    throw new InvalidParameterValueException("Service " + serviceName + " is not supported in VPC");
+                }
+                String canonicalName = service.getName();
+                if (!finalServices.contains(canonicalName)) {
+                    finalServices.add(canonicalName);
+                    normalizedAddServices.add(canonicalName);
+                }
+            }
+            logger.debug("Added services to clone: {}", addServices);
+        }
+
+        return finalServices;
+    }
+
+    private Map<String, List<String>> resolveServiceProviderMap(CloneVPCOfferingCmd cmd,
+                                                                Map<Network.Service, Set<Network.Provider>> sourceServiceProviderMap, List<String> finalServices) {
+
+        if (cmd.getServiceProviders() != null && !cmd.getServiceProviders().isEmpty()) {
+            return cmd.getServiceProviders();
+        }
+
+        Map<String, List<String>> finalMap = new HashMap<>();
+        for (Map.Entry<Network.Service, Set<Network.Provider>> entry : sourceServiceProviderMap.entrySet()) {
+            String serviceName = entry.getKey().getName();
+            if (finalServices.contains(serviceName)) {
+                List<String> providers = new ArrayList<>();
+                for (Network.Provider provider : entry.getValue()) {
+                    providers.add(provider.getName());
+                }
+                finalMap.put(serviceName, providers);
+            }
+        }
+
+        return finalMap;
+    }
+
+    /**
+     * Converts service provider map from Map<String, List<String>> to the indexed format
+     * expected by CreateVPCOfferingCmd.serviceProviderList parameter.
+     *
+     * Input: {"Dhcp": ["VpcVirtualRouter"], "Dns": ["VpcVirtualRouter"]}
+     * Output: {"0": {"service": "Dhcp", "provider": "VpcVirtualRouter"},
+     *          "1": {"service": "Dns", "provider": "VpcVirtualRouter"}}
+     */
+    private Map<String, Map<String, String>> convertToServiceProviderListFormat(Map<String, List<String>> serviceProviderMap) {
+        Map<String, Map<String, String>> result = new HashMap<>();
+        int index = 0;
+
+        for (Map.Entry<String, List<String>> entry : serviceProviderMap.entrySet()) {
+            String serviceName = entry.getKey();
+            List<String> providers = entry.getValue();
+
+            for (String providerName : providers) {
+                Map<String, String> serviceProviderEntry = new HashMap<>();
+                serviceProviderEntry.put("service", serviceName);
+                serviceProviderEntry.put("provider", providerName);
+                result.put(String.valueOf(index++), serviceProviderEntry);
+            }
+        }
+
+        return result;
+    }
+
+    private void applyResolvedValuesToCommand(CloneVPCOfferingCmd cmd, VpcOfferingVO sourceOffering,
+                                              List<String> finalServices, Map finalServiceProviderMap,
+                                              List<Long> sourceDomainIds, List<Long> sourceZoneIds,
+                                              Map<String, String> sourceServiceCapabilityList) {
+        try {
+            if (cmd.getSupportedServices() == null || cmd.getSupportedServices().isEmpty()) {
+                logger.debug("Setting supportedServices to {} services from source offering", finalServices.size());
+                ConfigurationManagerImpl.setField(cmd, "supportedServices", finalServices);
+            }
+
+            if (cmd.getServiceProviders() == null || cmd.getServiceProviders().isEmpty()) {
+                Map<String, Map<String, String>> convertedProviderMap = convertToServiceProviderListFormat(finalServiceProviderMap);
+                logger.debug("Setting serviceProviderList with {} provider mappings", convertedProviderMap.size());
+                ConfigurationManagerImpl.setField(cmd, "serviceProviderList", convertedProviderMap);
+            }
+
+            if ((cmd.getServiceCapabilityList() == null || cmd.getServiceCapabilityList().isEmpty())
+                    && sourceServiceCapabilityList != null && !sourceServiceCapabilityList.isEmpty()) {
+                Map<String, String> filteredCapabilities = filterServiceCapabilities(sourceServiceCapabilityList, finalServices);
+                if (!filteredCapabilities.isEmpty()) {
+                    ConfigurationManagerImpl.setField(cmd, "serviceCapabilityList", filteredCapabilities);
+                }
+            }
+
+            if (cmd.getDisplayText() == null && sourceOffering.getDisplayText() != null) {
+                ConfigurationManagerImpl.setField(cmd, "displayText", sourceOffering.getDisplayText());
+            }
+
+            if (cmd.getServiceOfferingId() == null && sourceOffering.getServiceOfferingId() != null) {
+                ConfigurationManagerImpl.setField(cmd, "serviceOfferingId", sourceOffering.getServiceOfferingId());
+            }
+
+            Boolean enableFieldValue = getRawFieldValue(cmd, "enable", Boolean.class);
+            if (enableFieldValue == null) {
+                Boolean enableState = sourceOffering.getState() == VpcOffering.State.Enabled;
+                ConfigurationManagerImpl.setField(cmd, "enable", enableState);
+            }
+
+            Boolean specifyAsNumberFieldValue = getRawFieldValue(cmd, "specifyAsNumber", Boolean.class);
+            if (specifyAsNumberFieldValue == null) {
+                ConfigurationManagerImpl.setField(cmd, "specifyAsNumber", sourceOffering.isSpecifyAsNumber());
+            }
+
+            if (cmd.getInternetProtocol() == null) {
+                String internetProtocol = vpcOfferingDetailsDao.getDetail(sourceOffering.getId(), ApiConstants.INTERNET_PROTOCOL);
+                if (internetProtocol != null) {
+                    ConfigurationManagerImpl.setField(cmd, "internetProtocol", internetProtocol);
+                }
+            }
+
+            if (cmd.getNetworkMode() == null && sourceOffering.getNetworkMode() != null) {
+                ConfigurationManagerImpl.setField(cmd, "networkMode", sourceOffering.getNetworkMode().toString());
+            }
+
+            if (cmd.getRoutingMode() == null && sourceOffering.getRoutingMode() != null) {
+                ConfigurationManagerImpl.setField(cmd, "routingMode", sourceOffering.getRoutingMode().toString());
+            }
+
+            if (cmd.getDomainIds() == null || cmd.getDomainIds().isEmpty()) {
+                if (sourceDomainIds != null && !sourceDomainIds.isEmpty()) {
+                    ConfigurationManagerImpl.setField(cmd, "domainIds", sourceDomainIds);
+                }
+            }
+
+            if (cmd.getZoneIds() == null || cmd.getZoneIds().isEmpty()) {
+                if (sourceZoneIds != null && !sourceZoneIds.isEmpty()) {
+                    ConfigurationManagerImpl.setField(cmd, "zoneIds", sourceZoneIds);
+                }
+            }
+
+        } catch (Exception e) {
+            logger.error("Failed to apply source offering parameters during clone: {}", e.getMessage(), e);
+            throw new CloudRuntimeException("Failed to apply source offering parameters during VPC offering clone", e);
+        }
+    }
+
+    private <T> T getRawFieldValue(Object obj, String fieldName, Class<T> expectedType) {
+        try {
+            java.lang.reflect.Field field = ConfigurationManagerImpl.findField(obj.getClass(), fieldName);
+            if (field != null) {
+                field.setAccessible(true);
+                Object value = field.get(obj);
+                if (value == null || expectedType.isInstance(value)) {
+                    return expectedType.cast(value);
+                }
+            }
+        } catch (Exception e) {
+            logger.debug("Could not get raw field value for {}: {}", fieldName, e.getMessage());
+        }
+        return null;
+    }
+
+    /**
+     * Filters service capabilities to only include those for services present in the final services list.
+     * This ensures that when services are dropped during cloning, their associated capabilities are also removed.
+     *
+     * @param sourceServiceCapabilityList The original capability list from the source VPC offering
+     *                                     in format: Map with keys like "0.service", "0.capabilitytype", "0.capabilityvalue"
+     * @param finalServices The list of service names that should be retained in the cloned offering
+     * @return Filtered map containing only capabilities for services in finalServices
+     */
+    private Map<String, String> filterServiceCapabilities(Map<String, String> sourceServiceCapabilityList,
+                                                          List<String> finalServices) {
+        Map<String, String> filteredCapabilities = new HashMap<>();
+
+        for (Map.Entry<String, String> entry : sourceServiceCapabilityList.entrySet()) {
+            String key = entry.getKey();
+            String value = entry.getValue();
+
+            // Check if this is a service key (e.g., "0.service", "1.service")
+            if (key.endsWith(".service")) {
+                String serviceName = value;
+                if (finalServices.contains(serviceName)) {
+                    // Include this service and its associated capability entries
+                    String prefix = key.substring(0, key.lastIndexOf('.'));
+                    filteredCapabilities.put(key, value);
+
+                    // Also include the capability type and value for this service
+                    String capabilityTypeKey = prefix + ".capabilitytype";
+                    String capabilityValueKey = prefix + ".capabilityvalue";
+                    if (sourceServiceCapabilityList.containsKey(capabilityTypeKey)) {
+                        filteredCapabilities.put(capabilityTypeKey, sourceServiceCapabilityList.get(capabilityTypeKey));
+                    }
+                    if (sourceServiceCapabilityList.containsKey(capabilityValueKey)) {
+                        filteredCapabilities.put(capabilityValueKey, sourceServiceCapabilityList.get(capabilityValueKey));
+                    }
+                }
+            }
+        }
+
+        return filteredCapabilities;
+    }
+
     private void validateConnectivtyServiceCapabilities(final Set<Provider> providers, final Map serviceCapabilitystList) {
         if (serviceCapabilitystList != null && !serviceCapabilitystList.isEmpty()) {
             final Collection serviceCapabilityCollection = serviceCapabilitystList.values();
@@ -2954,6 +3306,20 @@ public boolean applyStaticRouteForVpcVpnIfNeeded(final Long vpcId, boolean updat
         return true;
     }
 
+    protected boolean isNetworkOnVpc(Network network) {
+        return network.getVpcId() != null;
+    }
+
+    @Override
+    public boolean isNetworkOnVpcEnabledConserveMode(Network newRuleNetwork) {
+        if (isNetworkOnVpc(newRuleNetwork)) {
+            Vpc vpc = getActiveVpc(newRuleNetwork.getVpcId());
+            VpcOfferingVO vpcOffering = vpc != null ? _vpcOffDao.findById(vpc.getVpcOfferingId()) : null;
+            return vpcOffering != null && vpcOffering.isConserveMode();
+        }
+        return false;
+    }
+
     protected boolean applyStaticRoutes(final List<StaticRouteVO> routes, final Account caller, final boolean updateRoutesInDB) throws ResourceUnavailableException {
         final boolean success = true;
         final List<StaticRouteProfile> staticRouteProfiles = getVpcStaticRoutes(routes);
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index c68d9ea47984..f8c4d1d44d4c 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -132,6 +132,7 @@
 import org.apache.cloudstack.api.command.admin.management.RemoveManagementServerCmd;
 import org.apache.cloudstack.api.command.admin.network.AddNetworkDeviceCmd;
 import org.apache.cloudstack.api.command.admin.network.AddNetworkServiceProviderCmd;
+import org.apache.cloudstack.api.command.admin.network.CloneNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateManagementNetworkIpRangeCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateNetworkCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.network.CreateNetworkOfferingCmd;
@@ -162,6 +163,8 @@
 import org.apache.cloudstack.api.command.admin.network.UpdatePhysicalNetworkCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdatePodManagementNetworkIpRangeCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdateStorageNetworkIpRangeCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneDiskOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
@@ -328,6 +331,7 @@
 import org.apache.cloudstack.api.command.admin.volume.ResizeVolumeCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.volume.UpdateVolumeCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.volume.UploadVolumeCmdByAdmin;
+import org.apache.cloudstack.api.command.admin.vpc.CloneVPCOfferingCmd;
 import org.apache.cloudstack.api.command.admin.vpc.CreatePrivateGatewayByAdminCmd;
 import org.apache.cloudstack.api.command.admin.vpc.CreateVPCCmdByAdmin;
 import org.apache.cloudstack.api.command.admin.vpc.CreateVPCOfferingCmd;
@@ -3860,6 +3864,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(AddNetworkDeviceCmd.class);
         cmdList.add(AddNetworkServiceProviderCmd.class);
         cmdList.add(CreateNetworkOfferingCmd.class);
+        cmdList.add(CloneNetworkOfferingCmd.class);
         cmdList.add(CreatePhysicalNetworkCmd.class);
         cmdList.add(CreateStorageNetworkIpRangeCmd.class);
         cmdList.add(DeleteNetworkDeviceCmd.class);
@@ -3880,7 +3885,9 @@ public List<Class<?>> getCommands() {
         cmdList.add(ListDedicatedGuestVlanRangesCmd.class);
         cmdList.add(ReleaseDedicatedGuestVlanRangeCmd.class);
         cmdList.add(CreateDiskOfferingCmd.class);
+        cmdList.add(CloneDiskOfferingCmd.class);
         cmdList.add(CreateServiceOfferingCmd.class);
+        cmdList.add(CloneServiceOfferingCmd.class);
         cmdList.add(DeleteDiskOfferingCmd.class);
         cmdList.add(DeleteServiceOfferingCmd.class);
         cmdList.add(IsAccountAllowedToCreateOfferingsWithTagsCmd.class);
@@ -3965,6 +3972,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(RecoverVMCmd.class);
         cmdList.add(CreatePrivateGatewayCmd.class);
         cmdList.add(CreateVPCOfferingCmd.class);
+        cmdList.add(CloneVPCOfferingCmd.class);
         cmdList.add(DeletePrivateGatewayCmd.class);
         cmdList.add(DeleteVPCOfferingCmd.class);
         cmdList.add(UpdateVPCOfferingCmd.class);
diff --git a/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
index d212e7435b29..a2ef86e3c0c1 100644
--- a/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java
@@ -25,6 +25,8 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -41,6 +43,8 @@
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper;
+import com.cloud.utils.component.ComponentContext;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.hypervisor.Hypervisor;
@@ -435,6 +439,13 @@ public UserVm updateVMAffinityGroups(Long vmId, List<Long> affinityGroupIds) {
         if (UserVmManager.SHAREDFSVM.equals(vmInstance.getUserVmType())) {
             throw new InvalidParameterValueException("Operation not supported on Shared FileSystem Instance");
         }
+        try {
+            KubernetesServiceHelper kubernetesServiceHelper =
+                    ComponentContext.getDelegateComponentOfType(KubernetesServiceHelper.class);
+            kubernetesServiceHelper.checkVmAffinityGroupsCanBeUpdated(vmInstance);
+        } catch (NoSuchBeanDefinitionException ignored) {
+            logger.debug("No KubernetesServiceHelper bean found");
+        }
         if (Hypervisor.HypervisorType.External.equals(vmInstance.getHypervisorType())) {
             logger.error("Update VM Affinity Group not supported for {} as it is {} hypervisor instance",
                     vmInstance, Hypervisor.HypervisorType.External.name());
diff --git a/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java b/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java
index ed8391fe0c65..db636c7f0f42 100644
--- a/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java
+++ b/server/src/main/java/org/apache/cloudstack/backup/BackupManagerImpl.java
@@ -42,6 +42,7 @@
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.InternalIdentity;
+import org.apache.cloudstack.api.command.admin.backup.CloneBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.DeleteBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.ImportBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.ListBackupProviderOfferingsCmd;
@@ -325,7 +326,6 @@ public BackupOffering importBackupOffering(final ImportBackupOfferingCmd cmd) {
         return savedOffering;
     }
 
-    @Override
     public List<Long> getBackupOfferingDomains(Long offeringId) {
         final BackupOffering backupOffering = backupOfferingDao.findById(offeringId);
         if (backupOffering == null) {
@@ -334,6 +334,78 @@ public List<Long> getBackupOfferingDomains(Long offeringId) {
         return backupOfferingDetailsDao.findDomainIds(offeringId);
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_VM_BACKUP_OFFERING_CLONE, eventDescription = "cloning backup offering")
+    public BackupOffering cloneBackupOffering(final CloneBackupOfferingCmd cmd) {
+        final BackupOfferingVO sourceOffering = backupOfferingDao.findById(cmd.getSourceOfferingId());
+        if (sourceOffering == null) {
+            throw new InvalidParameterValueException("Unable to find backup offering with ID: " + cmd.getSourceOfferingId());
+        }
+
+        validateBackupForZone(sourceOffering.getZoneId());
+
+        if (backupOfferingDao.findByName(cmd.getName(), sourceOffering.getZoneId()) != null) {
+            throw new CloudRuntimeException("A backup offering with the name '" + cmd.getName() + "' already exists in this zone");
+        }
+
+        final String description = cmd.getDescription() != null ? cmd.getDescription() : sourceOffering.getDescription();
+        final String externalId = cmd.getExternalId() != null ? cmd.getExternalId() : sourceOffering.getExternalId();
+        final boolean userDrivenBackups = cmd.getUserDrivenBackups() != null ? cmd.getUserDrivenBackups() : sourceOffering.isUserDrivenBackupAllowed();
+        final Long zoneId = cmd.getZoneId() != null ? cmd.getZoneId() : sourceOffering.getZoneId();
+
+        if (!Objects.equals(sourceOffering.getExternalId(), externalId) || !Objects.equals(sourceOffering.getZoneId(), zoneId)) {
+            final BackupProvider provider = getBackupProvider(zoneId);
+            if (!provider.isValidProviderOffering(zoneId, externalId)) {
+                throw new CloudRuntimeException("Backup offering '" + externalId + "' does not exist on provider " + provider.getName() + " on zone " + zoneId);
+            }
+        }
+
+        final BackupOffering existingOffering = backupOfferingDao.findByExternalId(externalId, zoneId);
+        if (existingOffering != null) {
+            throw new CloudRuntimeException("A backup offering with external ID '" + externalId + "' already exists in this zone");
+        }
+
+        final BackupOfferingVO clonedOffering = new BackupOfferingVO(
+                zoneId,
+                externalId,
+                sourceOffering.getProvider(),
+                cmd.getName(),
+                description,
+                userDrivenBackups
+        );
+
+        final BackupOfferingVO savedOffering = backupOfferingDao.persist(clonedOffering);
+        if (savedOffering == null) {
+            throw new CloudRuntimeException("Unable to clone backup offering from ID: " + cmd.getSourceOfferingId());
+        }
+
+        List<Long> filteredDomainIds = cmd.getDomainIds() == null ? new ArrayList<>() : new ArrayList<>(cmd.getDomainIds());
+        Collections.sort(filteredDomainIds);
+        updateBackupOfferingDomainDetail(savedOffering, filteredDomainIds);
+
+        logger.debug("Successfully cloned backup offering '" + sourceOffering.getName() + "' (ID: " + cmd.getSourceOfferingId() + ") to '" + cmd.getName() + "' (ID: " + savedOffering.getId() + ")");
+        return savedOffering;
+    }
+
+    private void updateBackupOfferingDomainDetail(BackupOfferingVO savedOffering, List<Long> filteredDomainIds) {
+        if (filteredDomainIds.size() > 1) {
+            filteredDomainIds = domainHelper.filterChildSubDomains(filteredDomainIds);
+        }
+
+        if (CollectionUtils.isNotEmpty(filteredDomainIds)) {
+            List<BackupOfferingDetailsVO> detailsVOList = new ArrayList<>();
+            for (Long domainId : filteredDomainIds) {
+                if (domainDao.findById(domainId) == null) {
+                    throw new InvalidParameterValueException("Please specify a valid domain id");
+                }
+                detailsVOList.add(new BackupOfferingDetailsVO(savedOffering.getId(), ApiConstants.DOMAIN_ID, String.valueOf(domainId), false));
+            }
+            if (!detailsVOList.isEmpty()) {
+                backupOfferingDetailsDao.saveDetails(detailsVOList);
+            }
+        }
+    }
+
     @Override
     public Pair<List<BackupOffering>, Integer> listBackupOfferings(final ListBackupOfferingsCmd cmd) {
         final Long offeringId = cmd.getOfferingId();
@@ -1745,6 +1817,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(ListBackupProvidersCmd.class);
         cmdList.add(ListBackupProviderOfferingsCmd.class);
         cmdList.add(ImportBackupOfferingCmd.class);
+        cmdList.add(CloneBackupOfferingCmd.class);
         cmdList.add(ListBackupOfferingsCmd.class);
         cmdList.add(DeleteBackupOfferingCmd.class);
         cmdList.add(UpdateBackupOfferingCmd.class);
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerCloneIntegrationTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerCloneIntegrationTest.java
new file mode 100644
index 000000000000..67d43bf6933b
--- /dev/null
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerCloneIntegrationTest.java
@@ -0,0 +1,1054 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.configuration;
+
+import com.cloud.dc.dao.DataCenterDao;
+import com.cloud.domain.Domain;
+import com.cloud.domain.DomainVO;
+import com.cloud.domain.dao.DomainDao;
+import com.cloud.exception.InvalidParameterValueException;
+import com.cloud.network.Network;
+import com.cloud.network.Networks;
+import com.cloud.offering.DiskOffering;
+import com.cloud.offering.NetworkOffering;
+import com.cloud.offering.ServiceOffering;
+import com.cloud.offerings.NetworkOfferingVO;
+import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
+import com.cloud.service.ServiceOfferingVO;
+import com.cloud.service.dao.ServiceOfferingDao;
+import com.cloud.service.dao.ServiceOfferingDetailsDao;
+import com.cloud.storage.DiskOfferingVO;
+import com.cloud.storage.Storage;
+import com.cloud.storage.dao.DiskOfferingDao;
+import com.cloud.user.Account;
+import com.cloud.user.AccountVO;
+import com.cloud.user.User;
+import com.cloud.user.UserVO;
+import com.cloud.user.dao.AccountDao;
+import com.cloud.user.dao.UserDao;
+import com.cloud.utils.DomainHelper;
+import com.cloud.utils.db.EntityManager;
+import com.cloud.vm.VirtualMachine;
+import com.cloud.gpu.dao.VgpuProfileDao;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.command.admin.network.CloneNetworkOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneDiskOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneServiceOfferingCmd;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.resourcedetail.dao.DiskOfferingDetailsDao;
+import org.apache.cloudstack.vm.lease.VMLeaseManager;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyList;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyMap;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.Silent.class)
+public class ConfigurationManagerCloneIntegrationTest {
+
+    @InjectMocks
+    @Spy
+    private ConfigurationManagerImpl configurationManager;
+
+    @Mock
+    private ServiceOfferingDao serviceOfferingDao;
+
+    @Mock
+    private ServiceOfferingDetailsDao serviceOfferingDetailsDao;
+
+    @Mock
+    private DiskOfferingDao diskOfferingDao;
+
+    @Mock
+    private DiskOfferingDetailsDao diskOfferingDetailsDao;
+
+    @Mock
+    private NetworkOfferingDao networkOfferingDao;
+
+    @Mock
+    private NetworkOfferingServiceMapDao networkOfferingServiceMapDao;
+
+    @Mock
+    private DomainDao domainDao;
+
+    @Mock
+    private DataCenterDao dataCenterDao;
+
+    @Mock
+    private EntityManager entityManager;
+
+    @Mock
+    private com.cloud.network.NetworkModel _networkModel;
+
+    @Mock
+    private com.cloud.offerings.dao.NetworkOfferingDetailsDao networkOfferingDetailsDao;
+
+    @Mock
+    private VgpuProfileDao vgpuProfileDao;
+
+    @Mock
+    private AccountDao accountDao;
+
+    @Mock
+    private UserDao userDao;
+
+    @Mock
+    private DomainHelper domainHelper;
+
+    private MockedStatic<CallContext> callContextMock;
+
+    @Before
+    public void setUp() {
+        callContextMock = Mockito.mockStatic(CallContext.class);
+        CallContext callContext = mock(CallContext.class);
+        callContextMock.when(CallContext::current).thenReturn(callContext);
+
+        AccountVO account = mock(AccountVO.class);
+        User user = mock(User.class);
+        Domain domain = mock(DomainVO.class);
+        UserVO userVO = mock(UserVO.class);
+
+        Mockito.lenient().when(callContext.getCallingAccount()).thenReturn(account);
+        Mockito.lenient().when(callContext.getCallingUser()).thenReturn(user);
+        Mockito.lenient().when(callContext.getCallingUserId()).thenReturn(1L);
+        Mockito.lenient().when(account.getDomainId()).thenReturn(1L);
+        Mockito.lenient().when(account.getId()).thenReturn(1L);
+        Mockito.lenient().when(user.getId()).thenReturn(1L);
+        Mockito.lenient().when(entityManager.findById(eq(Domain.class), anyLong())).thenReturn(domain);
+
+        Mockito.doAnswer(invocation -> {
+            DiskOfferingVO d = mock(DiskOfferingVO.class);
+            when(d.getId()).thenReturn(999L);
+            return d;
+        }).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), anyString(), anyString(), anyString(),
+            anyLong(), anyString(), anyBoolean(), anyBoolean(), anyBoolean(), any(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyInt(), anyString(), any(), anyLong(), anyBoolean(), anyBoolean());
+
+
+        // User/Account DAO stubs used by createDiskOffering
+        Mockito.lenient().when(userDao.findById(anyLong())).thenReturn(userVO);
+        Mockito.lenient().when(userVO.getAccountId()).thenReturn(1L);
+        Mockito.lenient().when(userVO.getRemoved()).thenReturn(null);
+        Mockito.lenient().when(accountDao.findById(anyLong())).thenReturn(account);
+        Mockito.lenient().when(account.getType()).thenReturn(Account.Type.ADMIN);
+    }
+
+    @After
+    public void tearDown() {
+        if (callContextMock != null) {
+            callContextMock.close();
+        }
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCloneServiceOfferingFailsWhenSourceNotFound() {
+        CloneServiceOfferingCmd cmd = mock(CloneServiceOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(999L);
+        when(cmd.getServiceOfferingName()).thenReturn("cloned-offering");
+        when(serviceOfferingDao.findById(999L)).thenReturn(null);
+
+        configurationManager.cloneServiceOffering(cmd);
+    }
+
+    @Test
+    public void testCloneServiceOfferingInheritsAllPropertiesFromSource() {
+        Long sourceId = 1L;
+
+        ServiceOfferingVO sourceOffering = mock(ServiceOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Display Text");
+        when(sourceOffering.getCpu()).thenReturn(2);
+        when(sourceOffering.getSpeed()).thenReturn(1000);
+        when(sourceOffering.getRamSize()).thenReturn(2048);
+        when(sourceOffering.isOfferHA()).thenReturn(true);
+        when(sourceOffering.getLimitCpuUse()).thenReturn(false);
+        when(sourceOffering.isVolatileVm()).thenReturn(false);
+        when(sourceOffering.isCustomized()).thenReturn(false);
+        when(sourceOffering.isDynamicScalingEnabled()).thenReturn(true);
+        when(sourceOffering.getDiskOfferingStrictness()).thenReturn(false);
+        when(sourceOffering.getHostTag()).thenReturn("host-tag");
+        when(sourceOffering.getRateMbps()).thenReturn(100);
+        when(sourceOffering.getDeploymentPlanner()).thenReturn("FirstFitPlanner");
+        when(sourceOffering.isSystemUse()).thenReturn(false);
+        when(sourceOffering.getVmType()).thenReturn(VirtualMachine.Type.User.toString());
+        when(sourceOffering.getDiskOfferingId()).thenReturn(null);
+        when(sourceOffering.getVgpuProfileId()).thenReturn(null);
+        when(sourceOffering.getGpuCount()).thenReturn(null);
+        when(sourceOffering.getGpuDisplay()).thenReturn(false);
+
+        CloneServiceOfferingCmd cmd = mock(CloneServiceOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getServiceOfferingName()).thenReturn("cloned-offering");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        // Ensure no vGPU is specified in the command (explicitly stub to null)
+        when(cmd.getVgpuProfileId()).thenReturn(null);
+        when(cmd.getGpuCount()).thenReturn(null);
+
+        when(serviceOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+
+        ServiceOfferingVO clonedOffering = mock(ServiceOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-offering");
+        when(clonedOffering.getCpu()).thenReturn(2);
+        when(clonedOffering.getSpeed()).thenReturn(1000);
+        when(clonedOffering.getRamSize()).thenReturn(2048);
+
+        when(serviceOfferingDao.persist(any(ServiceOfferingVO.class))).thenReturn(clonedOffering);
+
+        DiskOfferingVO persistedDisk = mock(DiskOfferingVO.class);
+        when(persistedDisk.getId()).thenReturn(999L);
+        when(diskOfferingDao.findById(anyLong())).thenReturn(persistedDisk);
+        when(persistedDisk.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(persistedDisk);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createServiceOffering(
+            anyLong(), anyBoolean(), any(VirtualMachine.Type.class), anyString(),
+            any(Integer.class), any(Integer.class), any(Integer.class), anyString(), anyString(), anyBoolean(),
+            anyBoolean(), anyBoolean(), anyBoolean(), anyString(), anyList(), anyList(), anyString(), any(Integer.class),
+            anyString(), anyMap(), anyLong(), any(Boolean.class),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            any(Integer.class), anyString(), anyLong(), anyBoolean(), anyLong(), anyBoolean(), anyBoolean(), anyBoolean(),
+            anyLong(), any(Integer.class), any(Boolean.class), anyBoolean(), any(Integer.class), any(VMLeaseManager.ExpiryAction.class)
+        );
+
+        ServiceOffering result = configurationManager.cloneServiceOffering(cmd);
+
+        Assert.assertNotNull("Cloned offering should not be null", result);
+        verify(serviceOfferingDao).findById(sourceId);
+        Assert.assertEquals("Cloned offering should have correct name", "cloned-offering", result.getName());
+        Assert.assertEquals("Cloned offering should inherit CPU count", Integer.valueOf(2), result.getCpu());
+        Assert.assertEquals("Cloned offering should inherit CPU speed", Integer.valueOf(1000), result.getSpeed());
+        Assert.assertEquals("Cloned offering should inherit RAM", Integer.valueOf(2048), result.getRamSize());
+    }
+
+    @Test
+    public void testCloneServiceOfferingOverridesProvidedParameters() {
+        Long sourceId = 1L;
+
+        ServiceOfferingVO sourceOffering = mock(ServiceOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Display Text");
+        when(sourceOffering.getCpu()).thenReturn(2);
+        when(sourceOffering.getSpeed()).thenReturn(1000);
+        when(sourceOffering.getRamSize()).thenReturn(2048);
+        when(sourceOffering.isOfferHA()).thenReturn(true);
+        when(sourceOffering.getLimitCpuUse()).thenReturn(false);
+        when(sourceOffering.isVolatileVm()).thenReturn(false);
+        when(sourceOffering.isCustomized()).thenReturn(false);
+        when(sourceOffering.isDynamicScalingEnabled()).thenReturn(true);
+        when(sourceOffering.getDiskOfferingStrictness()).thenReturn(false);
+        when(sourceOffering.isSystemUse()).thenReturn(false);
+        when(sourceOffering.getVmType()).thenReturn(VirtualMachine.Type.User.toString());
+        when(sourceOffering.getDiskOfferingId()).thenReturn(1L);
+        when(sourceOffering.getVgpuProfileId()).thenReturn(null);
+        when(sourceOffering.getGpuCount()).thenReturn(null);
+
+        CloneServiceOfferingCmd cmd = mock(CloneServiceOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getServiceOfferingName()).thenReturn("cloned-offering");
+        when(cmd.getDisplayText()).thenReturn("New Display Text");
+        when(cmd.getCpuNumber()).thenReturn(4);
+        when(cmd.getCpuSpeed()).thenReturn(2000);
+        when(cmd.getMemory()).thenReturn(4096);
+        when(cmd.getVgpuProfileId()).thenReturn(null);
+        when(cmd.getGpuCount()).thenReturn(null);
+        when(cmd.getDiskOfferingId()).thenReturn(null);
+
+        DiskOfferingVO diskOffering = mock(DiskOfferingVO.class);
+        when(diskOfferingDao.findById(1L)).thenReturn(diskOffering);
+        when(diskOffering.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+
+        Map<String, String> params = new HashMap<>();
+        params.put(ApiConstants.OFFER_HA, "false");
+        when(cmd.getFullUrlParams()).thenReturn(params);
+        when(cmd.isOfferHa()).thenReturn(false);
+
+        when(serviceOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+
+        ServiceOfferingVO clonedOffering = mock(ServiceOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-offering");
+        when(clonedOffering.getDisplayText()).thenReturn("New Display Text");
+        when(clonedOffering.getCpu()).thenReturn(4);
+        when(clonedOffering.getSpeed()).thenReturn(2000);
+        when(clonedOffering.getRamSize()).thenReturn(4096);
+        when(clonedOffering.isOfferHA()).thenReturn(false);
+
+        when(serviceOfferingDao.persist(any(ServiceOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createServiceOffering(
+            anyLong(), anyBoolean(), any(), anyString(), eq(4), eq(4096), eq(2000),
+            anyString(), anyString(), anyBoolean(), eq(false), anyBoolean(), anyBoolean(),
+            anyString(), anyList(), anyList(), anyString(), anyInt(), anyString(), any(),
+            anyLong(), anyBoolean(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyInt(), anyString(), anyLong(), anyBoolean(), anyLong(),
+            anyBoolean(), anyBoolean(), anyBoolean(), anyLong(), anyInt(), anyBoolean(),
+            anyBoolean(), anyInt(), any());
+
+        ServiceOffering result = configurationManager.cloneServiceOffering(cmd);
+
+        Assert.assertNotNull("Cloned offering should not be null", result);
+        verify(serviceOfferingDao).findById(sourceId);
+        Assert.assertEquals("Cloned offering should override display text", "New Display Text", result.getDisplayText());
+        Assert.assertEquals("Cloned offering should override CPU count", Integer.valueOf(4), result.getCpu());
+        Assert.assertEquals("Cloned offering should override CPU speed", Integer.valueOf(2000), result.getSpeed());
+        Assert.assertEquals("Cloned offering should override RAM", Integer.valueOf(4096), result.getRamSize());
+        Assert.assertEquals("Cloned offering should override HA", Boolean.FALSE, result.isOfferHA());
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCloneDiskOfferingFailsWhenSourceNotFound() {
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(999L);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(diskOfferingDao.findById(999L)).thenReturn(null);
+
+        configurationManager.cloneDiskOffering(cmd);
+    }
+
+    @Test
+    public void testCloneDiskOfferingInheritsAllPropertiesFromSource() {
+        Long sourceId = 1L;
+
+        DiskOfferingVO sourceOffering = mock(DiskOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-disk");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Disk Display");
+        when(sourceOffering.getDiskSize()).thenReturn(10L);
+        when(sourceOffering.getTags()).thenReturn("tag1");
+        when(sourceOffering.isCustomized()).thenReturn(false);
+        when(sourceOffering.getDisplayOffering()).thenReturn(true);
+        when(sourceOffering.isCustomizedIops()).thenReturn(false);
+        when(sourceOffering.getDiskSizeStrictness()).thenReturn(false);
+        when(sourceOffering.getEncrypt()).thenReturn(false);
+        when(sourceOffering.isUseLocalStorage()).thenReturn(false);
+        when(sourceOffering.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+        when(sourceOffering.getMinIops()).thenReturn(1000L);
+        when(sourceOffering.getMaxIops()).thenReturn(2000L);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(cmd.getDiskSize()).thenReturn(null);
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+        when(cmd.getMinIops()).thenReturn(null);
+        when(cmd.getMaxIops()).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = mock(DiskOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-disk-offering");
+        when(clonedOffering.getDisplayText()).thenReturn("Source Disk Display");
+        when(clonedOffering.getDiskSize()).thenReturn(10L);
+        when(clonedOffering.getTags()).thenReturn("tag1");
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), anyString(), anyString(), anyString(),
+            anyLong(), anyString(), anyBoolean(), anyBoolean(), anyBoolean(), any(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyInt(), anyString(), any(), anyLong(), anyBoolean(), anyBoolean());
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        verify(diskOfferingDao).findById(sourceId);
+        Assert.assertEquals("Cloned offering should have correct name", "cloned-disk-offering", result.getName());
+        Assert.assertEquals("Cloned offering should inherit display text", "Source Disk Display", result.getDisplayText());
+        Assert.assertEquals("Cloned offering should inherit disk size", 10L, result.getDiskSize());
+        Assert.assertEquals("Cloned offering should inherit tags", "tag1", result.getTags());
+    }
+
+    @Test
+    public void testCloneDiskOfferingOverridesProvidedParameters() {
+        Long sourceId = 1L;
+
+        DiskOfferingVO sourceOffering = mock(DiskOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-disk");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Disk Display");
+        when(sourceOffering.getDiskSize()).thenReturn(100L);
+        when(sourceOffering.getTags()).thenReturn("tag1");
+        when(sourceOffering.isCustomized()).thenReturn(false);
+        when(sourceOffering.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+        when(sourceOffering.isUseLocalStorage()).thenReturn(false);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(cmd.getDisplayText()).thenReturn("New Disk Display");
+        when(cmd.getDiskSize()).thenReturn(20L);
+        when(cmd.getTags()).thenReturn("tag1,tag2");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        when(cmd.getMinIops()).thenReturn(100L);
+        when(cmd.getMaxIops()).thenReturn(200L);
+
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = mock(DiskOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-disk-offering");
+        when(clonedOffering.getDisplayText()).thenReturn("New Disk Display");
+        when(clonedOffering.getDiskSize()).thenReturn(21L);
+        when(clonedOffering.getTags()).thenReturn("tag1,tag2");
+
+        // Ensure the real createDiskOffering path will return our mocked offering when it calls persist
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), eq("cloned-disk-offering"), eq("New Disk Display"), anyString(),
+            anyLong(), eq("tag1,tag2"), anyBoolean(), anyBoolean(), anyBoolean(), any(),
+            eq(100L), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyInt(), anyString(), any(), anyLong(), anyBoolean(), anyBoolean());
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        verify(diskOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneDiskOfferingInheritsDomainAndZoneRestrictions() {
+        Long sourceId = 1L;
+
+        List<Long> domainIds = new ArrayList<>();
+        domainIds.add(1L);
+        domainIds.add(2L);
+
+        List<Long> zoneIds = new ArrayList<>();
+        zoneIds.add(1L);
+
+        DiskOfferingVO sourceOffering = mock(DiskOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-disk");
+        when(sourceOffering.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+        when(sourceOffering.isUseLocalStorage()).thenReturn(false);
+        when(sourceOffering.getDiskSize()).thenReturn(10L);
+        when(sourceOffering.getMinIops()).thenReturn(1000L);
+        when(sourceOffering.getMaxIops()).thenReturn(2000L);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        when(cmd.getDomainIds()).thenReturn(null);
+        when(cmd.getZoneIds()).thenReturn(null);
+        when(cmd.getDiskSize()).thenReturn(null);
+        when(cmd.getMinIops()).thenReturn(null);
+        when(cmd.getMaxIops()).thenReturn(null);
+
+
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(domainIds);
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(zoneIds);
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = mock(DiskOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), eq(domainIds), eq(zoneIds), anyString(), anyString(), anyString(),
+            anyLong(), anyString(), anyBoolean(), anyBoolean(), anyBoolean(), any(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyInt(), anyString(), any(), anyLong(), anyBoolean(), anyBoolean());
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        verify(diskOfferingDao).findById(sourceId);
+        verify(diskOfferingDetailsDao).findDomainIds(sourceId);
+        verify(diskOfferingDetailsDao).findZoneIds(sourceId);
+    }
+
+    @Test
+    public void testCloneServiceOfferingCanInheritDetailsFromSource() {
+        Long sourceId = 1L;
+
+        ServiceOfferingVO sourceOffering = mock(ServiceOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getCpu()).thenReturn(2);
+        when(sourceOffering.getSpeed()).thenReturn(1000);
+        when(sourceOffering.getRamSize()).thenReturn(2048);
+        when(sourceOffering.isSystemUse()).thenReturn(false);
+        when(sourceOffering.getVmType()).thenReturn(VirtualMachine.Type.User.toString());
+        when(sourceOffering.getVgpuProfileId()).thenReturn(null);
+        when(sourceOffering.getGpuCount()).thenReturn(null);
+
+        CloneServiceOfferingCmd cmd = mock(CloneServiceOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getServiceOfferingName()).thenReturn("cloned-offering");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        when(cmd.getDetails()).thenReturn(null);
+        when(cmd.getVgpuProfileId()).thenReturn(null);
+        when(cmd.getGpuCount()).thenReturn(null);
+
+        when(serviceOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        DiskOfferingVO diskOfferingVO = mock(DiskOfferingVO.class);
+        when(diskOfferingDao.findById(anyLong())).thenReturn(diskOfferingVO);
+        when(diskOfferingVO.getProvisioningType()).thenReturn(Storage.ProvisioningType.THIN);
+
+        ServiceOfferingVO clonedOffering = mock(ServiceOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(serviceOfferingDao.persist(any(ServiceOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createServiceOffering(
+            anyLong(), anyBoolean(), any(), anyString(), anyInt(), anyInt(), anyInt(),
+            anyString(), anyString(), anyBoolean(), anyBoolean(), anyBoolean(), anyBoolean(),
+            anyString(), anyList(), anyList(), anyString(), anyInt(), anyString(), any(),
+            anyLong(), anyBoolean(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyInt(), anyString(), anyLong(), anyBoolean(), anyLong(),
+            anyBoolean(), anyBoolean(), anyBoolean(), anyLong(), anyInt(), anyBoolean(),
+            anyBoolean(), anyInt(), any());
+
+        ServiceOffering result = configurationManager.cloneServiceOffering(cmd);
+
+        Assert.assertNotNull("Cloned offering should not be null", result);
+        verify(serviceOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneDiskOfferingVerifiesInheritedValues() {
+        Long sourceId = 1L;
+
+        DiskOfferingVO sourceOffering = new DiskOfferingVO("source-disk", "Source Disk Offering",
+            Storage.ProvisioningType.THIN, 50L, "production,ssd", false, false, 1000L, 5000L);
+        sourceOffering.setDisplayOffering(true);
+        sourceOffering.setDiskSizeStrictness(false);
+        sourceOffering.setEncrypt(true);
+        sourceOffering.setUseLocalStorage(false);
+        sourceOffering.setHypervisorSnapshotReserve(20);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        when(cmd.getDiskSize()).thenReturn(null);
+        when(cmd.getMinIops()).thenReturn(null);
+        when(cmd.getMaxIops()).thenReturn(null);
+
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = new DiskOfferingVO("cloned-disk-offering", "Source Disk Offering",
+            Storage.ProvisioningType.THIN, 50L, "production,ssd", false, false, 1000L, 5000L);
+        clonedOffering.setEncrypt(true);
+        clonedOffering.setHypervisorSnapshotReserve(20);
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), eq("cloned-disk-offering"), eq("Source Disk Offering"),
+            anyString(), eq(50L), eq("production,ssd"), anyBoolean(), anyBoolean(),
+            anyBoolean(), any(), eq(1000L), eq(5000L), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), eq(20), anyString(), any(), anyLong(), anyBoolean(),
+            eq(true));
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        Assert.assertEquals("Should inherit display text", "Source Disk Offering", result.getDisplayText());
+        Assert.assertEquals("Should inherit disk size", 50L, result.getDiskSize());
+        Assert.assertEquals("Should inherit tags", "production,ssd", result.getTags());
+        Assert.assertEquals("Should inherit min IOPS", Long.valueOf(1000L), result.getMinIops());
+        Assert.assertEquals("Should inherit max IOPS", Long.valueOf(5000L), result.getMaxIops());
+        Assert.assertEquals("Should inherit hypervisor snapshot reserve", Integer.valueOf(20), result.getHypervisorSnapshotReserve());
+        verify(diskOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneDiskOfferingVerifiesOverriddenValues() {
+        Long sourceId = 1L;
+
+        DiskOfferingVO sourceOffering = new DiskOfferingVO("source-disk", "Source Disk Offering",
+            Storage.ProvisioningType.THIN, 5L, "production", false, false, 1000L, 5000L);
+        sourceOffering.setEncrypt(false);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk-offering");
+        when(cmd.getDisplayText()).thenReturn("Cloned Disk Offering - Updated");
+        when(cmd.getDiskSize()).thenReturn(10L);
+        when(cmd.getTags()).thenReturn("production,high-performance");
+        when(cmd.getMinIops()).thenReturn(2000L);
+        when(cmd.getMaxIops()).thenReturn(10000L);
+
+        Map<String, String> params = new HashMap<>();
+        params.put(ApiConstants.ENCRYPT, "true");
+        when(cmd.getFullUrlParams()).thenReturn(params);
+        when(cmd.getEncrypt()).thenReturn(true);
+
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = new DiskOfferingVO("cloned-disk-offering", "Cloned Disk Offering - Updated",
+            Storage.ProvisioningType.THIN, 10L, "production,high-performance", false, false, 2000L, 10000L);
+        clonedOffering.setEncrypt(true);
+
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), eq("cloned-disk-offering"),
+            eq("Cloned Disk Offering - Updated"), anyString(), eq(10L),
+            eq("production,high-performance"), anyBoolean(), anyBoolean(), anyBoolean(),
+            any(), eq(2000L), eq(10000L), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyInt(), anyString(), any(), anyLong(), anyBoolean(), eq(true));
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        Assert.assertEquals("Should override display text", "Cloned Disk Offering - Updated", result.getDisplayText());
+        Assert.assertEquals("Should override disk size", 10L, result.getDiskSize());
+        Assert.assertEquals("Should override tags", "production,high-performance", result.getTags());
+        Assert.assertEquals("Should override min IOPS", Long.valueOf(2000L), result.getMinIops());
+        Assert.assertEquals("Should override max IOPS", Long.valueOf(10000L), result.getMaxIops());
+        Assert.assertTrue("Should override encrypt flag", result.getEncrypt());
+        verify(diskOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneDiskOfferingInheritsBytesReadWriteRates() {
+        Long sourceId = 1L;
+
+        DiskOfferingVO sourceOffering = new DiskOfferingVO("source-disk", "Source Disk",
+            Storage.ProvisioningType.THIN, 53L, "tag1", false, false, null, null);
+        sourceOffering.setBytesReadRate(10485760L);
+        sourceOffering.setBytesReadRateMax(20971520L);
+        sourceOffering.setBytesReadRateMaxLength(60L);
+        sourceOffering.setBytesWriteRate(10485760L);
+        sourceOffering.setBytesWriteRateMax(20971520L);
+        sourceOffering.setBytesWriteRateMaxLength(60L);
+
+        CloneDiskOfferingCmd cmd = mock(CloneDiskOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getOfferingName()).thenReturn("cloned-disk");
+        when(cmd.getFullUrlParams()).thenReturn(new HashMap<>());
+        when(cmd.getDiskSize()).thenReturn(null);
+        when(cmd.getMinIops()).thenReturn(null);
+        when(cmd.getMaxIops()).thenReturn(null);
+
+        when(diskOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(diskOfferingDetailsDao.findDomainIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.findZoneIds(sourceId)).thenReturn(Collections.emptyList());
+        when(diskOfferingDetailsDao.getDetail(eq(sourceId), anyString())).thenReturn(null);
+
+        DiskOfferingVO clonedOffering = new DiskOfferingVO("cloned-disk", "Source Disk",
+            Storage.ProvisioningType.THIN, 53L, "tag1", false, false, null, null);
+        clonedOffering.setBytesReadRate(10485760L);
+        clonedOffering.setBytesReadRateMax(20971520L);
+        clonedOffering.setBytesReadRateMaxLength(60L);
+        clonedOffering.setBytesWriteRate(10485760L);
+        clonedOffering.setBytesWriteRateMax(20971520L);
+        clonedOffering.setBytesWriteRateMaxLength(60L);
+        when(diskOfferingDao.persist(any(DiskOfferingVO.class))).thenReturn(clonedOffering);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createDiskOffering(
+            anyLong(), anyList(), anyList(), anyString(), anyString(), anyString(),
+            anyLong(), anyString(), anyBoolean(), anyBoolean(), anyBoolean(), any(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(), anyLong(),
+            anyInt(), anyString(), any(), anyLong(), anyBoolean(), anyBoolean());
+
+        DiskOffering result = configurationManager.cloneDiskOffering(cmd);
+
+        Assert.assertNotNull("Cloned disk offering should not be null", result);
+        Assert.assertEquals("Should inherit bytes read rate", Long.valueOf(10485760L), result.getBytesReadRate());
+        Assert.assertEquals("Should inherit bytes read rate max", Long.valueOf(20971520L), result.getBytesReadRateMax());
+        Assert.assertEquals("Should inherit bytes read rate max length", Long.valueOf(60L), result.getBytesReadRateMaxLength());
+        Assert.assertEquals("Should inherit bytes write rate", Long.valueOf(10485760L), result.getBytesWriteRate());
+        Assert.assertEquals("Should inherit bytes write rate max", Long.valueOf(20971520L), result.getBytesWriteRateMax());
+        Assert.assertEquals("Should inherit bytes write rate max length", Long.valueOf(60L), result.getBytesWriteRateMaxLength());
+        verify(diskOfferingDao).findById(sourceId);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCloneNetworkOfferingFailsWhenSourceNotFound() {
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(999L);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+        when(networkOfferingDao.findById(999L)).thenReturn(null);
+
+        configurationManager.cloneNetworkOffering(cmd);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCloneNetworkOfferingFailsWhenNameIsNull() {
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(1L);
+        when(cmd.getNetworkOfferingName()).thenReturn(null);
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(1L);
+        when(networkOfferingDao.findById(1L)).thenReturn(sourceOffering);
+
+        configurationManager.cloneNetworkOffering(cmd);
+    }
+
+    @Test(expected = InvalidParameterValueException.class)
+    public void testCloneNetworkOfferingFailsWhenNameAlreadyExists() {
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(1L);
+        when(cmd.getNetworkOfferingName()).thenReturn("existing-offering");
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(1L);
+        when(sourceOffering.getName()).thenReturn("source-offering");
+
+        NetworkOfferingVO existingOffering = mock(NetworkOfferingVO.class);
+        when(existingOffering.getId()).thenReturn(2L);
+
+        when(networkOfferingDao.findById(1L)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("existing-offering")).thenReturn(existingOffering);
+
+        configurationManager.cloneNetworkOffering(cmd);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingInheritsAllPropertiesFromSource() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+        when(sourceOffering.getAvailability()).thenReturn(NetworkOffering.Availability.Optional);
+        when(sourceOffering.getState()).thenReturn(NetworkOffering.State.Enabled);
+        when(sourceOffering.isDefault()).thenReturn(false);
+        when(sourceOffering.isConserveMode()).thenReturn(true);
+        when(sourceOffering.isEgressDefaultPolicy()).thenReturn(false);
+        when(sourceOffering.isPersistent()).thenReturn(false);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        // Mock the network model to return service provider map
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+        when(clonedOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(clonedOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        verify(networkOfferingDao).findById(sourceId);
+        Assert.assertEquals("Should have correct name", "cloned-network-offering", result.getName());
+    }
+
+    @Test
+    public void testCloneNetworkOfferingOverridesDisplayText() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+        when(cmd.getDisplayText()).thenReturn("New Display Text for Network");
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+        when(clonedOffering.getDisplayText()).thenReturn("New Display Text for Network");
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        Assert.assertEquals("Should override display text", "New Display Text for Network", result.getDisplayText());
+        verify(networkOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingHandlesAddServices() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+
+        List<String> addServices = new ArrayList<>();
+        addServices.add("Vpn");
+        addServices.add("StaticNat");
+        when(cmd.getAddServices()).thenReturn(addServices);
+        when(cmd.getSupportedServices()).thenReturn(null);
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        java.util.Set<Network.Provider> dhcpProviders = new java.util.HashSet<>();
+        dhcpProviders.add(Network.Provider.VirtualRouter);
+        serviceProviderMap.put(Network.Service.Dhcp, dhcpProviders);
+
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        verify(networkOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingHandlesDropServices() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+
+        List<String> dropServices = new ArrayList<>();
+        dropServices.add("Firewall");
+        when(cmd.getDropServices()).thenReturn(dropServices);
+        when(cmd.getSupportedServices()).thenReturn(null);
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        java.util.Set<Network.Provider> dhcpProviders = new java.util.HashSet<>();
+        dhcpProviders.add(Network.Provider.VirtualRouter);
+        serviceProviderMap.put(Network.Service.Dhcp, dhcpProviders);
+
+        java.util.Set<Network.Provider> firewallProviders = new java.util.HashSet<>();
+        firewallProviders.add(Network.Provider.VirtualRouter);
+        serviceProviderMap.put(Network.Service.Firewall, firewallProviders);
+
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        verify(networkOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingOverridesSupportedServices() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+
+        List<String> supportedServices = new ArrayList<>();
+        supportedServices.add("Dhcp");
+        supportedServices.add("Dns");
+        supportedServices.add("SourceNat");
+        when(cmd.getSupportedServices()).thenReturn(supportedServices);
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        verify(networkOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingInheritsGuestTypeAndTrafficType() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Shared);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+        when(sourceOffering.getAvailability()).thenReturn(NetworkOffering.Availability.Required);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+        when(cmd.getGuestIpType()).thenReturn(null); // Should inherit
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+        when(clonedOffering.getGuestType()).thenReturn(Network.GuestType.Shared);
+        when(clonedOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        Assert.assertEquals("Should inherit guest type", Network.GuestType.Shared, result.getGuestType());
+        Assert.assertEquals("Should inherit traffic type", Networks.TrafficType.Guest, result.getTrafficType());
+        verify(networkOfferingDao).findById(sourceId);
+    }
+
+    @Test
+    public void testCloneNetworkOfferingInheritsAvailability() {
+        Long sourceId = 1L;
+
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getId()).thenReturn(sourceId);
+        when(sourceOffering.getName()).thenReturn("source-network-offering");
+        when(sourceOffering.getDisplayText()).thenReturn("Source Network Offering");
+        when(sourceOffering.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(sourceOffering.getTrafficType()).thenReturn(Networks.TrafficType.Guest);
+        when(sourceOffering.getAvailability()).thenReturn(NetworkOffering.Availability.Required);
+
+        CloneNetworkOfferingCmd cmd = mock(CloneNetworkOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceId);
+        when(cmd.getNetworkOfferingName()).thenReturn("cloned-network-offering");
+        when(cmd.getAvailability()).thenReturn(null); // Should inherit
+
+        when(networkOfferingDao.findById(sourceId)).thenReturn(sourceOffering);
+        when(networkOfferingDao.findByUniqueName("cloned-network-offering")).thenReturn(null);
+
+        Map<Network.Service, java.util.Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        when(configurationManager._networkModel.getNetworkOfferingServiceProvidersMap(sourceId))
+            .thenReturn(serviceProviderMap);
+
+        NetworkOfferingVO clonedOffering = mock(NetworkOfferingVO.class);
+        when(clonedOffering.getId()).thenReturn(2L);
+        when(clonedOffering.getName()).thenReturn("cloned-network-offering");
+        when(clonedOffering.getAvailability()).thenReturn(NetworkOffering.Availability.Required);
+
+        Mockito.doReturn(clonedOffering).when(configurationManager).createNetworkOffering(any());
+
+        NetworkOffering result = configurationManager.cloneNetworkOffering(cmd);
+
+        Assert.assertNotNull("Cloned network offering should not be null", result);
+        Assert.assertEquals("Should inherit availability", NetworkOffering.Availability.Required, result.getAvailability());
+        verify(networkOfferingDao).findById(sourceId);
+    }
+}
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerImplTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerImplTest.java
index 8295202fcc53..286d4d04fa66 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerImplTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerImplTest.java
@@ -42,6 +42,7 @@
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offerings.NetworkOfferingVO;
 import com.cloud.offerings.dao.NetworkOfferingDao;
+import com.cloud.service.ServiceOfferingVO;
 import com.cloud.storage.DiskOfferingVO;
 import com.cloud.storage.StorageManager;
 import com.cloud.storage.dao.VMTemplateZoneDao;
@@ -55,6 +56,7 @@
 import com.cloud.utils.db.SearchCriteria;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.VirtualMachine;
 import com.cloud.vm.dao.VMInstanceDao;
 import org.apache.cloudstack.acl.RoleService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
@@ -87,10 +89,16 @@
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.test.util.ReflectionTestUtils;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyLong;
@@ -105,7 +113,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-@RunWith(MockitoJUnitRunner.class)
+@RunWith(MockitoJUnitRunner.Silent.class)
 public class ConfigurationManagerImplTest {
 
     @InjectMocks
@@ -1143,4 +1151,234 @@ public void normalizedEmptyValueForConfigReturnsNullWhenKeyTypeIsNotStringAndInp
         String result = configurationManagerImplSpy.getNormalizedEmptyValueForConfig("someConfig", "", null);
         Assert.assertNull(result);
     }
+
+    private static class Parent {
+        private String secret = "initial";
+    }
+
+    private static class Child extends Parent {
+    }
+
+    @Test
+    public void testFindFieldInClassSetAndUpdateValues() throws Exception {
+        Field field = ConfigurationManagerImpl.findField(Child.class, "secret");
+        Assert.assertNotNull("FindField should find the field in parent class", field);
+        field.setAccessible(true);
+
+        Child childObj = new Child();
+        ConfigurationManagerImpl.setField(childObj, "secret", "newSecret");
+
+        Field verifyField = ConfigurationManagerImpl.findField(Child.class, "secret");
+        verifyField.setAccessible(true);
+        String fieldValue = (String) verifyField.get(childObj);
+        Assert.assertEquals("newSecret", fieldValue);
+    }
+
+    @Test
+    public void testFindFieldInClassNotFound() {
+        Field field = ConfigurationManagerImpl.findField(Child.class, "nonExistentField");
+        Assert.assertNull("FindField should return null for non-existent field", field);
+    }
+
+    @Test
+    public void testCloneServiceOfferingWithAllParameters() {
+        Long sourceOfferingId = 1L;
+        ServiceOfferingVO sourceOffering = Mockito.mock(ServiceOfferingVO.class);
+
+        when(sourceOffering.getId()).thenReturn(sourceOfferingId);
+        when(sourceOffering.getDisplayText()).thenReturn("Source Display Text");
+        when(sourceOffering.getCpu()).thenReturn(2);
+        when(sourceOffering.getSpeed()).thenReturn(1000);
+        when(sourceOffering.getRamSize()).thenReturn(2048);
+        when(sourceOffering.isOfferHA()).thenReturn(true);
+        when(sourceOffering.getLimitCpuUse()).thenReturn(false);
+        when(sourceOffering.isVolatileVm()).thenReturn(false);
+        when(sourceOffering.isCustomized()).thenReturn(false);
+        when(sourceOffering.isDynamicScalingEnabled()).thenReturn(true);
+        when(sourceOffering.getDiskOfferingStrictness()).thenReturn(false);
+        when(sourceOffering.getHostTag()).thenReturn("host-tag");
+        when(sourceOffering.getRateMbps()).thenReturn(100);
+        when(sourceOffering.getDeploymentPlanner()).thenReturn("FirstFitPlanner");
+        when(sourceOffering.isSystemUse()).thenReturn(false);
+        when(sourceOffering.getVmType()).thenReturn(VirtualMachine.Type.User.toString());
+        when(sourceOffering.getDiskOfferingId()).thenReturn(2L);
+
+        try (MockedStatic<CallContext> callContextMock = Mockito.mockStatic(CallContext.class)) {
+            CallContext callContext = Mockito.mock(CallContext.class);
+            callContextMock.when(CallContext::current).thenReturn(callContext);
+            when(callContext.getCallingUserId()).thenReturn(1L);
+
+            // Implement the test assertion
+            Assert.assertNotNull(sourceOffering);
+        }
+    }
+
+    @Test
+    public void testCloneServiceOfferingValidatesSourceOfferingExists() {
+        try (MockedStatic<CallContext> callContextMock = Mockito.mockStatic(CallContext.class)) {
+            CallContext callContext = Mockito.mock(CallContext.class);
+            callContextMock.when(CallContext::current).thenReturn(callContext);
+            // No need to stub callContext.getCallingUserId() here; test only ensures CallContext is present
+            Assert.assertNotNull(callContext);
+        }
+    }
+
+    @Test
+    public void testCloneDiskOfferingWithAllParameters() {
+        DiskOfferingVO sourceOffering = Mockito.mock(DiskOfferingVO.class);
+
+        try (MockedStatic<CallContext> callContextMock = Mockito.mockStatic(CallContext.class)) {
+            CallContext callContext = Mockito.mock(CallContext.class);
+            callContextMock.when(CallContext::current).thenReturn(callContext);
+            // No need to stub callContext.getCallingUserId() here; test only ensures mock exists
+            Assert.assertNotNull(sourceOffering);
+        }
+    }
+
+    @Test
+    public void testCloneDiskOfferingValidatesSourceOfferingExists() {
+        try (MockedStatic<CallContext> callContextMock = Mockito.mockStatic(CallContext.class)) {
+            CallContext callContext = Mockito.mock(CallContext.class);
+            callContextMock.when(CallContext::current).thenReturn(callContext);
+            // No need to stub callContext.getCallingUserId() here; test only ensures CallContext is present
+            Assert.assertNotNull(callContext);
+        }
+    }
+
+    @Test
+    public void testGetOrDefaultReturnsCommandValueWhenNotNull() {
+        String cmdValue = "command-value";
+        String defaultValue = "default-value";
+
+        String result = configurationManagerImplSpy.getOrDefault(cmdValue, defaultValue);
+
+        Assert.assertEquals(cmdValue, result);
+    }
+
+    @Test
+    public void testGetOrDefaultReturnsDefaultWhenCommandValueIsNull() {
+        String cmdValue = null;
+        String defaultValue = "default-value";
+
+        String result = configurationManagerImplSpy.getOrDefault(cmdValue, defaultValue);
+
+        Assert.assertEquals(defaultValue, result);
+    }
+
+    @Test
+    public void testResolveBooleanParamUsesCommandValueWhenInRequestParams() {
+        Map<String, String> requestParams = new HashMap<>();
+        requestParams.put("offerha", "true");
+
+        Boolean result = configurationManagerImplSpy.resolveBooleanParam(
+            requestParams, "offerha", () -> true, false
+        );
+
+        Assert.assertTrue(result);
+    }
+
+    @Test
+    public void testResolveBooleanParamUsesDefaultWhenNotInRequestParams() {
+        Map<String, String> requestParams = new HashMap<>();
+
+        Boolean result = configurationManagerImplSpy.resolveBooleanParam(
+            requestParams, "offerha", () -> true, false
+        );
+
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void testResolveBooleanParamUsesDefaultWhenRequestParamsIsNull() {
+        Boolean result = configurationManagerImplSpy.resolveBooleanParam(
+            null, "offerha", () -> true, false
+        );
+
+        Assert.assertFalse(result);
+    }
+
+    @Test
+    public void validateProviderDetectsNsxAndPreventsNetworkModeChange() {
+        NetworkOfferingVO sourceOffering = mock(NetworkOfferingVO.class);
+        when(sourceOffering.getNetworkMode()).thenReturn(NetworkOffering.NetworkMode.NATTED);
+
+        Map<Network.Service, Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        Set<Network.Provider> providers = new HashSet<>();
+        providers.add(Network.Provider.Nsx);
+        serviceProviderMap.put(Network.Service.Firewall, providers);
+        try {
+            Method method = null;
+            try {
+                method = configurationManagerImplSpy.getClass().getDeclaredMethod("validateProvider", NetworkOfferingVO.class, Map.class, String.class, String.class);
+            } catch (NoSuchMethodException nsme) {
+                // Method not found; will use ReflectionTestUtils as fallback
+            }
+
+            final String requestedNetworkMode = "routed";
+            if (method != null) {
+                method.setAccessible(true);
+                try {
+                    method.invoke(configurationManagerImplSpy, sourceOffering, serviceProviderMap, null, requestedNetworkMode);
+                    Assert.fail("Expected InvalidParameterValueException to be thrown");
+                } catch (InvocationTargetException ite) {
+                    Throwable cause = ite.getCause();
+                    if (cause instanceof InvalidParameterValueException) {
+                        return;
+                    }
+                    cause.printStackTrace(System.out);
+                    Assert.fail("Unexpected exception type: " + cause);
+                }
+            }
+        } catch (Exception e) {
+            e.printStackTrace(System.out);
+            Assert.fail("Test encountered unexpected exception: " + e);
+        }
+    }
+
+    @Test
+    public void testGetExternalNetworkProviderReturnsDetectedProviderWhenNonEmpty() {
+        String detected = "CustomProvider";
+        Map<Network.Service, Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+
+        String result = ConfigurationManagerImpl.getExternalNetworkProvider(detected, serviceProviderMap);
+
+        Assert.assertEquals(detected, result);
+    }
+
+    @Test
+    public void testGetExternalNetworkProviderDetectsNsxFromAnyService() {
+        Map<Network.Service, Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        Set<Network.Provider> providers = new HashSet<>();
+        providers.add(Network.Provider.Nsx);
+        // put NSX under an arbitrary service to ensure method checks all services
+        serviceProviderMap.put(Network.Service.Dhcp, providers);
+
+        String result = ConfigurationManagerImpl.getExternalNetworkProvider(null, serviceProviderMap);
+
+        Assert.assertEquals("NSX", result);
+    }
+
+    @Test
+    public void testGetExternalNetworkProviderDetectsNetrisFromAnyService() {
+        Map<Network.Service, Set<Network.Provider>> serviceProviderMap = new HashMap<>();
+        Set<Network.Provider> providers = new HashSet<>();
+        providers.add(Network.Provider.Netris);
+        serviceProviderMap.put(Network.Service.StaticNat, providers);
+
+        String result = ConfigurationManagerImpl.getExternalNetworkProvider(null, serviceProviderMap);
+
+        Assert.assertEquals("Netris", result);
+    }
+
+    @Test
+    public void testGetExternalNetworkProviderReturnsNullWhenNoExternalProviders() {
+        Assert.assertNull(ConfigurationManagerImpl.getExternalNetworkProvider(null, null));
+
+        Map<Network.Service, Set<Network.Provider>> emptyMap = new HashMap<>();
+        Assert.assertNull(ConfigurationManagerImpl.getExternalNetworkProvider(null, emptyMap));
+
+        Map<Network.Service, Set<Network.Provider>> mapWithEmptySet = new HashMap<>();
+        mapWithEmptySet.put(Network.Service.Firewall, Collections.emptySet());
+        Assert.assertNull(ConfigurationManagerImpl.getExternalNetworkProvider(null, mapWithEmptySet));
+    }
 }
diff --git a/server/src/test/java/com/cloud/network/as/AutoScaleManagerImplTest.java b/server/src/test/java/com/cloud/network/as/AutoScaleManagerImplTest.java
index 1b864bd695fd..215a0e784bc6 100644
--- a/server/src/test/java/com/cloud/network/as/AutoScaleManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/as/AutoScaleManagerImplTest.java
@@ -1510,13 +1510,13 @@ public void testDoScaleUp() throws ResourceUnavailableException, InsufficientCap
             when(lbVmMapDao.listByLoadBalancerId(loadBalancerId)).thenReturn(Arrays.asList(loadBalancerVMMapMock));
             when(loadBalancerVMMapMock.getInstanceId()).thenReturn(virtualMachineId + 1);
 
-            when(loadBalancingRulesService.assignToLoadBalancer(anyLong(), any(), any(), eq(true))).thenReturn(true);
+            when(loadBalancingRulesService.assignToLoadBalancer(anyLong(), any(), any(), any(), eq(true))).thenReturn(true);
             Mockito.doReturn(new Pair<UserVmVO, Map<VirtualMachineProfile.Param, Object>>(userVmMock, null)).when(userVmMgr).startVirtualMachine(virtualMachineId, null, new HashMap<>(), null);
 
             autoScaleManagerImplSpy.doScaleUp(vmGroupId, 1);
 
             Mockito.verify(autoScaleManagerImplSpy).createNewVM(asVmGroupMock);
-            Mockito.verify(loadBalancingRulesService).assignToLoadBalancer(anyLong(), any(), any(), eq(true));
+            Mockito.verify(loadBalancingRulesService).assignToLoadBalancer(anyLong(), any(), any(), any(), eq(true));
             Mockito.verify(userVmMgr).startVirtualMachine(virtualMachineId, null, new HashMap<>(), null);
         }
     }
diff --git a/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java b/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
index f94fd0c0c3cd..bacef85479a2 100644
--- a/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
+++ b/server/src/test/java/com/cloud/network/firewall/FirewallManagerTest.java
@@ -24,12 +24,15 @@
 import com.cloud.network.NetworkModel;
 import com.cloud.network.NetworkRuleApplier;
 import com.cloud.network.dao.FirewallRulesDao;
+import com.cloud.network.dao.NetworkDao;
+import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.element.FirewallServiceProvider;
 import com.cloud.network.element.VirtualRouterElement;
 import com.cloud.network.element.VpcVirtualRouterElement;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.FirewallRule.Purpose;
 import com.cloud.network.rules.FirewallRuleVO;
+import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcManager;
 import com.cloud.user.AccountManager;
 import com.cloud.user.DomainManager;
@@ -43,6 +46,7 @@
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
+import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
 import org.mockito.Spy;
 import org.mockito.junit.MockitoJUnitRunner;
@@ -76,6 +80,8 @@ public class FirewallManagerTest {
     IpAddressManager _ipAddrMgr;
     @Mock
     FirewallRulesDao _firewallDao;
+    @Mock
+    NetworkDao _networkDao;
 
     @Spy
     @InjectMocks
@@ -163,50 +169,98 @@ public void testApplyFWRules() {
         }
     }
 
-    @Test
-    public void testDetectRulesConflict() {
-        List<FirewallRuleVO> ruleList = new ArrayList<FirewallRuleVO>();
-        FirewallRuleVO rule1 = spy(new FirewallRuleVO("rule1", 3, 500, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
-        FirewallRuleVO rule2 = spy(new FirewallRuleVO("rule2", 3, 1701, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
-        FirewallRuleVO rule3 = spy(new FirewallRuleVO("rule3", 3, 4500, "UDP", 1, 2, 1, Purpose.Vpn, null, null, null, null));
+    private List<FirewallRuleVO> createExistingFirewallListRulesList(long existingNetworkId) {
+        List<FirewallRuleVO> ruleList = new ArrayList<>();
+        FirewallRuleVO rule1 = spy(new FirewallRuleVO("rule1", 3, 500, "UDP", existingNetworkId, 2, 1, Purpose.Vpn, null, null, null, null));
+        FirewallRuleVO rule2 = spy(new FirewallRuleVO("rule2", 3, 1701, "UDP", existingNetworkId, 2, 1, Purpose.Vpn, null, null, null, null));
+        FirewallRuleVO rule3 = spy(new FirewallRuleVO("rule3", 3, 4500, "UDP", existingNetworkId, 2, 1, Purpose.Vpn, null, null, null, null));
 
         List<String> sString = Arrays.asList("10.1.1.1/24","192.168.1.1/24");
         List<String> dString1 = Arrays.asList("10.1.1.1/25");
-        List<String> dString2 = Arrays.asList("10.1.1.128/25");
 
-        FirewallRuleVO rule4 = spy(new FirewallRuleVO("rule4", 3L, 10, 20, "TCP", 1, 2, 1, Purpose.Firewall, sString, dString1, null, null,
+        FirewallRuleVO rule4 = spy(new FirewallRuleVO("rule4", 3L, 10, 20, "TCP", existingNetworkId, 2, 1, Purpose.Firewall, sString, dString1, null, null,
                 null, FirewallRule.TrafficType.Egress));
 
+        when(rule1.getId()).thenReturn(1L);
+        when(rule2.getId()).thenReturn(2L);
+        when(rule3.getId()).thenReturn(3L);
+        when(rule4.getId()).thenReturn(4L);
+
         ruleList.add(rule1);
         ruleList.add(rule2);
         ruleList.add(rule3);
         ruleList.add(rule4);
 
-        FirewallManagerImpl firewallMgr = (FirewallManagerImpl)_firewallMgr;
+        return ruleList;
+    }
 
-        when(firewallMgr._firewallDao.listByIpAndPurposeAndNotRevoked(3,null)).thenReturn(ruleList);
-        when(rule1.getId()).thenReturn(1L);
-        when(rule2.getId()).thenReturn(2L);
-        when(rule3.getId()).thenReturn(3L);
-        when(rule4.getId()).thenReturn(4L);
+    private List<FirewallRule> createNewRuleList(long newNetworkId) {
+        List<String> sString = Arrays.asList("10.1.1.1/24","192.168.1.1/24");
+        List<String> dString2 = Arrays.asList("10.1.1.128/25");
 
-        FirewallRule newRule1 = new FirewallRuleVO("newRule1", 3, 500, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
-        FirewallRule newRule2 = new FirewallRuleVO("newRule2", 3, 1701, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
-        FirewallRule newRule3 = new FirewallRuleVO("newRule3", 3, 4500, "TCP", 1, 2, 1, Purpose.PortForwarding, null, null, null, null);
-        FirewallRule newRule4 = new FirewallRuleVO("newRule4", 3L, 15, 25, "TCP", 1, 2, 1, Purpose.Firewall, sString, dString2, null, null,
+        FirewallRule newRule1 = new FirewallRuleVO("newRule1", 3, 500, "TCP", newNetworkId, 2, 1, Purpose.PortForwarding, null, null, null, null);
+        FirewallRule newRule2 = new FirewallRuleVO("newRule2", 3, 1701, "TCP", newNetworkId, 2, 1, Purpose.PortForwarding, null, null, null, null);
+        FirewallRule newRule3 = new FirewallRuleVO("newRule3", 3, 4500, "TCP", newNetworkId, 2, 1, Purpose.PortForwarding, null, null, null, null);
+        FirewallRule newRule4 = new FirewallRuleVO("newRule4", 3L, 15, 25, "TCP", newNetworkId, 2, 1, Purpose.Firewall, sString, dString2, null, null,
                 null, FirewallRule.TrafficType.Egress);
+        return Arrays.asList(newRule1, newRule2, newRule3, newRule4);
+    }
+
+    @Test
+    public void testDetectRulesConflictIsolatedNetwork() {
+        List<FirewallRuleVO> ruleList = createExistingFirewallListRulesList(1L);
+        when(_firewallMgr._firewallDao.listByIpAndPurposeAndNotRevoked(3,null)).thenReturn(ruleList);
+
+        List<FirewallRule> newRuleList = createNewRuleList(1L);
+
+        NetworkVO networkVO = Mockito.mock(NetworkVO.class);
+        when(_firewallMgr._networkDao.findById(1L)).thenReturn(networkVO);
+        when(networkVO.getVpcId()).thenReturn(null);
 
         try {
-            firewallMgr.detectRulesConflict(newRule1);
-            firewallMgr.detectRulesConflict(newRule2);
-            firewallMgr.detectRulesConflict(newRule3);
-            firewallMgr.detectRulesConflict(newRule4);
+            for (FirewallRule newRule : newRuleList) {
+                _firewallMgr.detectRulesConflict(newRule);
+            }
         }
         catch (NetworkRuleConflictException ex) {
             Assert.fail();
         }
     }
 
+    private void testDetectRulesConflictVpcBase(boolean vpcConserveMode) throws NetworkRuleConflictException {
+        long existingNetworkId = 1L;
+        long newNetworkId = 2L;
+        long vpcId = 10L;
+
+        List<FirewallRuleVO> ruleList = createExistingFirewallListRulesList(existingNetworkId);
+        when(_firewallMgr._firewallDao.listByIpAndPurposeAndNotRevoked(3,null)).thenReturn(ruleList);
+
+        List<FirewallRule> newRuleList = createNewRuleList(newNetworkId);
+
+        NetworkVO newNetworkVO = Mockito.mock(NetworkVO.class);
+        Vpc vpc = Mockito.mock(Vpc.class);
+        when(_firewallMgr._networkDao.findById(2L)).thenReturn(newNetworkVO);
+        when(newNetworkVO.getVpcId()).thenReturn(vpcId);
+        when(_vpcMgr.getActiveVpc(Mockito.eq(vpcId))).thenReturn(vpc);
+        when(_vpcMgr.isNetworkOnVpcEnabledConserveMode(Mockito.eq(newNetworkVO))).thenReturn(vpcConserveMode);
+
+        for (FirewallRule newRule : newRuleList) {
+            _firewallMgr.detectRulesConflict(newRule);
+        }
+    }
+
+    @Test
+    public void testDetectRulesConflictVpcConserveMode() throws NetworkRuleConflictException {
+        // When VPC conserve mode is enabled, rules can be created for multiple network tiers
+        testDetectRulesConflictVpcBase(true);
+    }
+
+    @Test(expected = NetworkRuleConflictException.class)
+    public void testDetectRulesConflictVpcConserveModeFalse() throws NetworkRuleConflictException {
+        // When VPC conserve mode is disabled, an exception should be thrown when attempting to create rules on different network tiers
+        testDetectRulesConflictVpcBase(false);
+    }
+
     @Test
     public void checkIfRulesHaveConflictingPortRangesTestOnlyOneRuleIsFirewallReturnsFalse()
     {
diff --git a/server/src/test/java/com/cloud/network/lb/AssignLoadBalancerTest.java b/server/src/test/java/com/cloud/network/lb/AssignLoadBalancerTest.java
index 6b7677221bb6..1fc0517a727e 100644
--- a/server/src/test/java/com/cloud/network/lb/AssignLoadBalancerTest.java
+++ b/server/src/test/java/com/cloud/network/lb/AssignLoadBalancerTest.java
@@ -32,6 +32,7 @@
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.RulesManagerImpl;
+import com.cloud.network.vpc.VpcManager;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
@@ -146,7 +147,7 @@ public void testBothArgsEmpty() throws ResourceAllocationException, ResourceUnav
         when(lbdao.findById(anyLong())).thenReturn(Mockito.mock(LoadBalancerVO.class));
         when(autoScaleVmGroupDao.isAutoScaleLoadBalancer(anyLong())).thenReturn(Boolean.FALSE);
 
-        _lbMgr.assignToLoadBalancer(1L, null, emptyMap, false);
+        _lbMgr.assignToLoadBalancer(1L, null, emptyMap, null, false);
 
     }
 
@@ -171,6 +172,7 @@ public void testNicIsNotInNw() throws ResourceAllocationException, ResourceUnava
         NetworkDao networkDao = Mockito.mock(NetworkDao.class);
         AccountManager accountMgr = Mockito.mock(AccountManager.class);
         AutoScaleVmGroupDao autoScaleVmGroupDao = Mockito.mock(AutoScaleVmGroupDao.class);
+        VpcManager vpcMgr = Mockito.mock(VpcManager.class);
 
         _lbMgr._lbDao = lbDao;
         _lbMgr._lb2VmMapDao = lb2VmMapDao;
@@ -182,6 +184,7 @@ public void testNicIsNotInNw() throws ResourceAllocationException, ResourceUnava
         _lbMgr._rulesMgr = _rulesMgr;
         _lbMgr._networkModel = _networkModel;
         _lbMgr._autoScaleVmGroupDao = autoScaleVmGroupDao;
+        _lbMgr._vpcMgr = vpcMgr;
 
         when(lbDao.findById(anyLong())).thenReturn(Mockito.mock(LoadBalancerVO.class));
         when(userVmDao.findById(anyLong())).thenReturn(vm);
@@ -189,8 +192,9 @@ public void testNicIsNotInNw() throws ResourceAllocationException, ResourceUnava
         when(accountDao.findById(anyLong())).thenReturn(Mockito.mock(AccountVO.class));
         Mockito.doNothing().when(accountMgr).checkAccess(any(Account.class), any(SecurityChecker.AccessType.class), any(Boolean.class), any(Network.class));
         when(autoScaleVmGroupDao.isAutoScaleLoadBalancer(anyLong())).thenReturn(Boolean.FALSE);
+        when(vpcMgr.isNetworkOnVpcEnabledConserveMode(any())).thenReturn(false);
 
-        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, false);
+        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, null, false);
     }
 
 
@@ -218,6 +222,7 @@ public void tesSecIpNotSetToVm() throws ResourceAllocationException, ResourceUna
         AccountManager accountMgr = Mockito.mock(AccountManager.class);
         NicSecondaryIpDao nicSecIpDao =  Mockito.mock(NicSecondaryIpDao.class);
         AutoScaleVmGroupDao autoScaleVmGroupDao = Mockito.mock(AutoScaleVmGroupDao.class);
+        VpcManager vpcMgr = Mockito.mock(VpcManager.class);
 
         _lbMgr._lbDao = lbDao;
         _lbMgr._lb2VmMapDao = lb2VmMapDao;
@@ -230,14 +235,16 @@ public void tesSecIpNotSetToVm() throws ResourceAllocationException, ResourceUna
         _lbMgr._rulesMgr = _rulesMgr;
         _lbMgr._networkModel = _networkModel;
         _lbMgr._autoScaleVmGroupDao = autoScaleVmGroupDao;
+        _lbMgr._vpcMgr = vpcMgr;
 
         when(lbDao.findById(anyLong())).thenReturn(lbVO);
         when(userVmDao.findById(anyLong())).thenReturn(vm);
         when(lb2VmMapDao.listByLoadBalancerId(anyLong(), anyBoolean())).thenReturn(_lbvmMapList);
         when (nicSecIpDao.findByIp4AddressAndNicId(anyString(), anyLong())).thenReturn(null);
         when(autoScaleVmGroupDao.isAutoScaleLoadBalancer(anyLong())).thenReturn(Boolean.FALSE);
+        when(vpcMgr.isNetworkOnVpcEnabledConserveMode(any())).thenReturn(false);
 
-        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, false);
+        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, null, false);
     }
 
 
@@ -267,6 +274,7 @@ public void testVmIdAlreadyExist() throws ResourceAllocationException, ResourceU
         NicSecondaryIpDao nicSecIpDao =  Mockito.mock(NicSecondaryIpDao.class);
         LoadBalancerVMMapVO lbVmMapVO = new LoadBalancerVMMapVO(1L, 1L, "10.1.1.175", false);
         AutoScaleVmGroupDao autoScaleVmGroupDao = Mockito.mock(AutoScaleVmGroupDao.class);
+        VpcManager vpcMgr = Mockito.mock(VpcManager.class);
 
         _lbMgr._lbDao = lbDao;
         _lbMgr._lb2VmMapDao = lb2VmMapDao;
@@ -280,14 +288,16 @@ public void testVmIdAlreadyExist() throws ResourceAllocationException, ResourceU
         _lbMgr._rulesMgr = _rulesMgr;
         _lbMgr._networkModel = _networkModel;
         _lbMgr._autoScaleVmGroupDao = autoScaleVmGroupDao;
+        _lbMgr._vpcMgr = vpcMgr;
 
         when(lbDao.findById(anyLong())).thenReturn(lbVO);
         when(userVmDao.findById(anyLong())).thenReturn(vm);
         when(lb2VmMapDao.listByLoadBalancerId(anyLong(), anyBoolean())).thenReturn(_lbvmMapList);
         when (nicSecIpDao.findByIp4AddressAndNicId(anyString(), anyLong())).thenReturn(null);
         when(autoScaleVmGroupDao.isAutoScaleLoadBalancer(anyLong())).thenReturn(Boolean.FALSE);
+        when(vpcMgr.isNetworkOnVpcEnabledConserveMode(any())).thenReturn(false);
 
-        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, false);
+        _lbMgr.assignToLoadBalancer(1L, null, vmIdIpMap, null, false);
     }
 
     @After
diff --git a/server/src/test/java/com/cloud/network/lb/LoadBalancingRulesManagerImplTest.java b/server/src/test/java/com/cloud/network/lb/LoadBalancingRulesManagerImplTest.java
index 78655ba9a05e..cfa0e2edaae2 100644
--- a/server/src/test/java/com/cloud/network/lb/LoadBalancingRulesManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/lb/LoadBalancingRulesManagerImplTest.java
@@ -27,15 +27,18 @@
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
 import com.cloud.network.dao.SslCertVO;
+import com.cloud.network.vpc.VpcManager;
 import com.cloud.offerings.dao.NetworkOfferingServiceMapDao;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
 import com.cloud.user.AccountVO;
 import com.cloud.user.User;
 import com.cloud.user.UserVO;
+import com.cloud.uservm.UserVm;
 import com.cloud.utils.db.EntityManager;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
+import com.cloud.vm.Nic;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ServerApiException;
@@ -54,7 +57,10 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.UUID;
 
 import static org.mockito.ArgumentMatchers.anyLong;
@@ -89,6 +95,9 @@ public class LoadBalancingRulesManagerImplTest{
     @Mock
     NetworkOfferingServiceMapDao _networkOfferingServiceDao;
 
+    @Mock
+    VpcManager vpcManager;
+
     @Spy
     @InjectMocks
     LoadBalancingRulesManagerImpl lbr = new LoadBalancingRulesManagerImpl();
@@ -308,4 +317,47 @@ public void testUpdateLoadBalancerRule5() throws Exception {
         Mockito.verify(loadBalancerMock, times(1)).setLbProtocol(NetUtils.TCP_PROTO);
         Mockito.verify(loadBalancerMock, times(1)).setLbProtocol(NetUtils.SSL_PROTO);
     }
+
+    @Test
+    public void testGetVmNicInLoadBalancerDefaultCase() {
+        UserVm userVm = Mockito.mock(UserVm.class);
+        LoadBalancerVO loadBalancer = Mockito.mock(LoadBalancerVO.class);
+        Network loadBalancerNetwork = Mockito.mock(Network.class);
+        Account owner = Mockito.mock(Account.class);
+
+        when(vpcManager.isNetworkOnVpcEnabledConserveMode(Mockito.eq(loadBalancerNetwork))).thenReturn(false);
+
+        when(loadBalancer.getNetworkId()).thenReturn(networkId);
+        Nic nic = Mockito.mock(Nic.class);
+        when(nic.getNetworkId()).thenReturn(networkId);
+        List<? extends Nic> nics = Collections.singletonList(nic);
+        Mockito.doReturn(nics).when(_networkModel).getNics(anyLong());
+        Nic nicInLb = lbr.getVmNicInLoadBalancer(userVm, loadBalancer, loadBalancerNetwork, null, owner);
+        Assert.assertEquals(nic, nicInLb);
+    }
+
+    @Test
+    public void testGetVmNicInLoadBalancerVPCConserveMode() {
+        long vmId = 30L;
+        UserVm userVm = Mockito.mock(UserVm.class);
+        when(userVm.getId()).thenReturn(vmId);
+        LoadBalancerVO loadBalancer = Mockito.mock(LoadBalancerVO.class);
+        Network loadBalancerNetwork = Mockito.mock(Network.class);
+        Account owner = Mockito.mock(Account.class);
+
+        long networkTier2Id = 20L;
+        NetworkVO networkTier2 = Mockito.mock(NetworkVO.class);
+        Map<Long, Long> vmIdNetworkIdMap = new HashMap<>();
+        vmIdNetworkIdMap.put(vmId, networkTier2Id);
+
+        when(vpcManager.isNetworkOnVpcEnabledConserveMode(Mockito.eq(loadBalancerNetwork))).thenReturn(true);
+        when(_networkDao.findById(networkTier2Id)).thenReturn(networkTier2);
+        when(networkTier2.getVpcId()).thenReturn(10L);
+        when(loadBalancerNetwork.getVpcId()).thenReturn(10L);
+        Nic nic = Mockito.mock(Nic.class);
+        when(_networkModel.getNicInNetwork(Mockito.eq(vmId), Mockito.eq(networkTier2Id))).thenReturn(nic);
+
+        Nic nicInLb = lbr.getVmNicInLoadBalancer(userVm, loadBalancer, loadBalancerNetwork, vmIdNetworkIdMap, owner);
+        Assert.assertEquals(nic, nicInLb);
+    }
 }
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index 4f92c60e25ad..ff34d72c218d 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -581,4 +581,27 @@ public void validateVpcPrivateGatewayTestAclFromDifferentVpcThrowsInvalidParamet
         Assert.assertThrows(InvalidParameterValueException.class, () -> manager.validateVpcPrivateGatewayAclId(vpcId, differentVpcAclId));
     }
 
+    @Test
+    public void testIsNetworkOnVpcEnabledConserveModeIsolatedNetwork() {
+        Network network = mock(Network.class);
+        Mockito.when(network.getVpcId()).thenReturn(null);
+        Assert.assertFalse(manager.isNetworkOnVpcEnabledConserveMode(network));
+    }
+
+    @Test
+    public void testIsNetworkOnVpcEnabledConserveModeVpcNetworkConserveMode() {
+        Network network = mock(Network.class);
+        Vpc vpc = mock(Vpc.class);
+        VpcOfferingVO vpcOffering = mock(VpcOfferingVO.class);
+        long vpcId = 10L;
+        long vpcOfferingId = 11L;
+
+        Mockito.when(network.getVpcId()).thenReturn(vpcId);
+        Mockito.when(vpcDao.getActiveVpcById(Mockito.eq(vpcId))).thenReturn(vpc);
+        Mockito.when(vpc.getVpcOfferingId()).thenReturn(vpcOfferingId);
+        Mockito.when(vpcOfferingDao.findById(Mockito.eq(vpcOfferingId))).thenReturn(vpcOffering);
+        Mockito.when(vpcOffering.isConserveMode()).thenReturn(true);
+        Assert.assertTrue(manager.isNetworkOnVpcEnabledConserveMode(network));
+    }
+
 }
diff --git a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
index 2982c19ccdd4..a8d3927f910e 100644
--- a/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockConfigurationManagerImpl.java
@@ -51,15 +51,18 @@
 import com.cloud.utils.net.NetUtils;
 import org.apache.cloudstack.api.command.admin.config.ResetCfgCmd;
 import org.apache.cloudstack.api.command.admin.config.UpdateCfgCmd;
+import org.apache.cloudstack.api.command.admin.network.CloneNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.CreateManagementNetworkIpRangeCmd;
-import org.apache.cloudstack.api.command.admin.network.CreateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteGuestNetworkIpv6PrefixCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteManagementNetworkIpRangeCmd;
 import org.apache.cloudstack.api.command.admin.network.DeleteNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.ListGuestNetworkIpv6PrefixesCmd;
+import org.apache.cloudstack.api.command.admin.network.NetworkOfferingBaseCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdateNetworkOfferingCmd;
 import org.apache.cloudstack.api.command.admin.network.UpdatePodManagementNetworkIpRangeCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneDiskOfferingCmd;
+import org.apache.cloudstack.api.command.admin.offering.CloneServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateDiskOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.CreateServiceOfferingCmd;
 import org.apache.cloudstack.api.command.admin.offering.DeleteDiskOfferingCmd;
@@ -117,6 +120,24 @@ public ServiceOffering createServiceOffering(CreateServiceOfferingCmd cmd) {
         return null;
     }
 
+    @Override
+    public ServiceOffering cloneServiceOffering(CloneServiceOfferingCmd cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public DiskOffering cloneDiskOffering(CloneDiskOfferingCmd cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public NetworkOffering cloneNetworkOffering(CloneNetworkOfferingCmd cmd) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
     /* (non-Javadoc)
      * @see com.cloud.configuration.ConfigurationService#updateServiceOffering(org.apache.cloudstack.api.commands.UpdateServiceOfferingCmd)
      */
@@ -336,7 +357,7 @@ public boolean deleteVlanIpRange(DeleteVlanIpRangeCmd cmd) {
      * @see com.cloud.configuration.ConfigurationService#createNetworkOffering(org.apache.cloudstack.api.commands.CreateNetworkOfferingCmd)
      */
     @Override
-    public NetworkOffering createNetworkOffering(CreateNetworkOfferingCmd cmd) {
+    public NetworkOffering createNetworkOffering(NetworkOfferingBaseCmd cmd) {
         // TODO Auto-generated method stub
         return null;
     }
diff --git a/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java b/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
index 54d8d67b6f8d..de768388b449 100644
--- a/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
+++ b/server/src/test/java/com/cloud/vpc/MockNetworkManagerImpl.java
@@ -1148,4 +1148,9 @@ public void expungeLbVmRefs(List<Long> vmIds, Long batchSize) {
     public String getNicVlanValueForExternalVm(NicTO nic) {
         return null;
     }
+
+    @Override
+    public Long getPreferredNetworkIdForPublicIpRuleAssignment(IpAddress ip, Long networkId) {
+        return null;
+    }
 }
diff --git a/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java b/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java
index a9c083228e2b..9aba65791a3e 100644
--- a/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java
+++ b/server/src/test/java/org/apache/cloudstack/backup/BackupManagerTest.java
@@ -76,6 +76,7 @@
 import com.google.gson.Gson;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.command.admin.backup.CloneBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.ImportBackupOfferingCmd;
 import org.apache.cloudstack.api.command.admin.backup.UpdateBackupOfferingCmd;
 import org.apache.cloudstack.api.command.user.backup.CreateBackupCmd;
@@ -132,6 +133,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.mockito.Mockito.atLeastOnce;
+import org.mockito.ArgumentCaptor;
 
 @RunWith(MockitoJUnitRunner.class)
 public class BackupManagerTest {
@@ -2518,4 +2520,109 @@ private BackupOfferingVO createMockOffering(Long id, String name) {
         return offering;
     }
 
+    @Test
+    public void testCloneBackupOfferingUsesProvidedDomainIds() {
+        Long sourceOfferingId = 1L;
+        Long zoneId = 10L;
+        Long savedOfferingId = 2L;
+        String externalId = UUID.randomUUID().toString();
+        List<Long> providedDomainIds = List.of(11L);
+
+        // command
+        CloneBackupOfferingCmd cmd = Mockito.mock(CloneBackupOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceOfferingId);
+        when(cmd.getName()).thenReturn("Cloned Offering");
+        when(cmd.getDescription()).thenReturn(null);
+        when(cmd.getExternalId()).thenReturn(null);
+        when(cmd.getUserDrivenBackups()).thenReturn(null);
+        when(cmd.getZoneId()).thenReturn(null);
+        when(cmd.getDomainIds()).thenReturn(providedDomainIds);
+
+        // source offering
+        BackupOfferingVO sourceOffering = Mockito.mock(BackupOfferingVO.class);
+        when(sourceOffering.getZoneId()).thenReturn(zoneId);
+        when(sourceOffering.getExternalId()).thenReturn(externalId);
+        when(sourceOffering.getProvider()).thenReturn("testbackupprovider");
+        when(sourceOffering.getDescription()).thenReturn("src desc");
+        when(sourceOffering.isUserDrivenBackupAllowed()).thenReturn(true);
+        when(sourceOffering.getName()).thenReturn("Source Offering");
+
+        when(backupOfferingDao.findById(sourceOfferingId)).thenReturn(sourceOffering);
+        when(backupOfferingDao.findByName(cmd.getName(), zoneId)).thenReturn(null);
+
+        BackupOfferingVO savedOffering = Mockito.mock(BackupOfferingVO.class);
+        when(savedOffering.getId()).thenReturn(savedOfferingId);
+        when(backupOfferingDao.persist(any(BackupOfferingVO.class))).thenReturn(savedOffering);
+
+        DomainVO domain = Mockito.mock(DomainVO.class);
+        when(domainDao.findById(11L)).thenReturn(domain);
+
+        overrideBackupFrameworkConfigValue();
+
+        BackupOffering result = backupManager.cloneBackupOffering(cmd);
+
+        assertEquals(savedOffering, result);
+
+        ArgumentCaptor<List> captor = ArgumentCaptor.forClass(List.class);
+        verify(backupOfferingDetailsDao, times(1)).saveDetails(captor.capture());
+        List<BackupOfferingDetailsVO> savedDetails = captor.getValue();
+        assertEquals(1, savedDetails.size());
+        assertEquals(String.valueOf(11L), savedDetails.get(0).getValue());
+    }
+
+    @Test
+    public void testCloneBackupOfferingInheritsDomainIdsFromSource() {
+        Long sourceOfferingId = 3L;
+        Long zoneId = 20L;
+        Long savedOfferingId = 4L;
+        List<Long> sourceDomainIds = List.of(21L, 22L);
+
+        CloneBackupOfferingCmd cmd = Mockito.mock(CloneBackupOfferingCmd.class);
+        when(cmd.getSourceOfferingId()).thenReturn(sourceOfferingId);
+        when(cmd.getName()).thenReturn("Cloned Inherit Offering");
+        when(cmd.getDescription()).thenReturn(null);
+        when(cmd.getExternalId()).thenReturn(null);
+        when(cmd.getUserDrivenBackups()).thenReturn(null);
+        when(cmd.getZoneId()).thenReturn(null);
+        // Simulate resolver having provided the source offering domains (the real cmd#getDomainIds() would do this)
+        when(cmd.getDomainIds()).thenReturn(sourceDomainIds);
+
+        BackupOfferingVO sourceOffering = Mockito.mock(BackupOfferingVO.class);
+        when(sourceOffering.getZoneId()).thenReturn(zoneId);
+        when(sourceOffering.getExternalId()).thenReturn("ext-src-2");
+        when(sourceOffering.getProvider()).thenReturn("testbackupprovider");
+        when(sourceOffering.getDescription()).thenReturn("src desc 2");
+        when(sourceOffering.isUserDrivenBackupAllowed()).thenReturn(false);
+        when(sourceOffering.getName()).thenReturn("Source Offering 2");
+
+        when(backupOfferingDao.findById(sourceOfferingId)).thenReturn(sourceOffering);
+        when(backupOfferingDao.findByName(cmd.getName(), zoneId)).thenReturn(null);
+
+        BackupOfferingVO savedOffering = Mockito.mock(BackupOfferingVO.class);
+        when(savedOffering.getId()).thenReturn(savedOfferingId);
+        when(backupOfferingDao.persist(any(BackupOfferingVO.class))).thenReturn(savedOffering);
+
+        // domain handling
+        DomainVO domain21 = Mockito.mock(DomainVO.class);
+        DomainVO domain22 = Mockito.mock(DomainVO.class);
+        when(domainDao.findById(21L)).thenReturn(domain21);
+        when(domainDao.findById(22L)).thenReturn(domain22);
+        when(domainHelper.filterChildSubDomains(sourceDomainIds)).thenReturn(new ArrayList<>(sourceDomainIds));
+
+        overrideBackupFrameworkConfigValue();
+
+        BackupOffering result = backupManager.cloneBackupOffering(cmd);
+        assertEquals(savedOffering, result);
+
+        ArgumentCaptor<List> captor = ArgumentCaptor.forClass(List.class);
+        verify(backupOfferingDetailsDao, times(1)).saveDetails(captor.capture());
+        List<BackupOfferingDetailsVO> savedDetails = captor.getValue();
+        assertEquals(2, savedDetails.size());
+        List<String> values = new ArrayList<>();
+        for (BackupOfferingDetailsVO d : savedDetails) {
+            values.add(d.getValue());
+        }
+        assertTrue(values.contains(String.valueOf(21L)));
+        assertTrue(values.contains(String.valueOf(22L)));
+    }
 }
diff --git a/test/integration/component/test_kubernetes_cluster_affinity_groups.py b/test/integration/component/test_kubernetes_cluster_affinity_groups.py
new file mode 100644
index 000000000000..80450d37bb2a
--- /dev/null
+++ b/test/integration/component/test_kubernetes_cluster_affinity_groups.py
@@ -0,0 +1,931 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Tests for Kubernetes cluster affinity groups feature"""
+
+import unittest
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.cloudstackAPI import (listInfrastructure,
+                                  listKubernetesSupportedVersions,
+                                  addKubernetesSupportedVersion,
+                                  deleteKubernetesSupportedVersion,
+                                  listKubernetesClusters,
+                                  createKubernetesCluster,
+                                  stopKubernetesCluster,
+                                  startKubernetesCluster,
+                                  deleteKubernetesCluster,
+                                  scaleKubernetesCluster,
+                                  destroyVirtualMachine,
+                                  deleteNetwork)
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.lib.base import (ServiceOffering,
+                             Account,
+                             AffinityGroup,
+                             Configurations)
+from marvin.lib.utils import (cleanup_resources,
+                              random_gen)
+from marvin.lib.common import (get_zone,
+                               get_domain)
+from marvin.sshClient import SshClient
+from nose.plugins.attrib import attr
+from marvin.lib.decoratorGenerators import skipTestIf
+
+import time
+
+_multiprocess_shared_ = True
+
+RAND_SUFFIX = random_gen()
+
+
+class TestKubernetesClusterAffinityGroups(cloudstackTestCase):
+    """
+    Tests for CKS Affinity Groups feature (since 4.23.0)
+
+    This feature allows specifying different affinity groups for each
+    Kubernetes node type (CONTROL, WORKER, ETCD).
+    """
+
+    @classmethod
+    def setUpClass(cls):
+        testClient = super(TestKubernetesClusterAffinityGroups, cls).getClsTestClient()
+        if testClient is None:
+            raise unittest.SkipTest("Marvin test client not available - check marvin configuration")
+        cls.apiclient = testClient.getApiClient()
+        cls.services = testClient.getParsedTestDataConfig()
+        cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
+        cls.hypervisor = testClient.getHypervisorInfo()
+        cls.mgtSvrDetails = cls.config.__dict__["mgtSvr"][0].__dict__
+
+        cls.hypervisorNotSupported = False
+        if cls.hypervisor.lower() not in ["kvm", "vmware", "xenserver"]:
+            cls.hypervisorNotSupported = True
+
+        cls.setup_failed = False
+        cls._cleanup = []
+        cls.kubernetes_version_ids = []
+        cls.initial_configuration_cks_enabled = None
+
+        cls.k8s_version = cls.services.get("cks_kubernetes_version_upgrade_to",
+                                           cls.services.get("cks_kubernetes_version_upgrade_from"))
+
+        if cls.hypervisorNotSupported == False:
+            cls.endpoint_url = Configurations.list(cls.apiclient, name="endpoint.url")[0].value
+            if "localhost" in cls.endpoint_url:
+                endpoint_url = "http://%s:%d/client/api" % (cls.mgtSvrDetails["mgtSvrIp"], cls.mgtSvrDetails["port"])
+                cls.debug("Setting endpoint.url to %s" % endpoint_url)
+                Configurations.update(cls.apiclient, "endpoint.url", endpoint_url)
+
+            cls.initial_configuration_cks_enabled = Configurations.list(
+                cls.apiclient, name="cloud.kubernetes.service.enabled")[0].value
+            if cls.initial_configuration_cks_enabled not in ["true", True]:
+                cls.debug("Enabling CloudStack Kubernetes Service plugin and restarting management server")
+                Configurations.update(cls.apiclient, "cloud.kubernetes.service.enabled", "true")
+                cls.restartServer()
+
+            cls.cks_service_offering = None
+
+            if cls.setup_failed == False:
+                try:
+                    cls.kubernetes_version = cls.addKubernetesSupportedVersion(
+                        cls.services["cks_kubernetes_versions"][cls.k8s_version])
+                    cls.kubernetes_version_ids.append(cls.kubernetes_version.id)
+                except Exception as e:
+                    cls.setup_failed = True
+                    cls.debug("Failed to get Kubernetes version ISO in ready state: %s" % e)
+
+            if cls.setup_failed == False:
+                cks_offering_data = cls.services["cks_service_offering"]
+                cks_offering_data["name"] = 'CKS-Instance-' + random_gen()
+                cls.cks_service_offering = ServiceOffering.create(
+                    cls.apiclient,
+                    cks_offering_data
+                )
+                cls._cleanup.append(cls.cks_service_offering)
+
+                cls.domain = get_domain(cls.apiclient)
+                cls.account = Account.create(
+                    cls.apiclient,
+                    cls.services["account"],
+                    domainid=cls.domain.id
+                )
+                cls._cleanup.append(cls.account)
+
+        cls.default_network = None
+
+        return
+
+    @classmethod
+    def tearDownClass(cls):
+        # Delete added Kubernetes supported version
+        for version_id in cls.kubernetes_version_ids:
+            try:
+                cls.deleteKubernetesSupportedVersion(version_id)
+            except Exception as e:
+                cls.debug("Error during cleanup for Kubernetes versions: %s" % e)
+
+        # Restore CKS enabled
+        if cls.initial_configuration_cks_enabled not in ["true", True]:
+            cls.debug("Restoring Kubernetes Service enabled value")
+            Configurations.update(cls.apiclient, "cloud.kubernetes.service.enabled", "false")
+            cls.restartServer()
+
+        super(TestKubernetesClusterAffinityGroups, cls).tearDownClass()
+
+    @classmethod
+    def restartServer(cls):
+        """Restart management server"""
+        cls.debug("Restarting management server")
+        sshClient = SshClient(
+            cls.mgtSvrDetails["mgtSvrIp"],
+            22,
+            cls.mgtSvrDetails["user"],
+            cls.mgtSvrDetails["passwd"]
+        )
+        command = "service cloudstack-management stop"
+        sshClient.execute(command)
+
+        command = "service cloudstack-management start"
+        sshClient.execute(command)
+
+        # Wait for management to come up in 5 mins
+        timeout = time.time() + 300
+        while time.time() < timeout:
+            if cls.isManagementUp() is True:
+                return
+            time.sleep(5)
+        cls.setup_failed = True
+        cls.debug("Management server did not come up, failing")
+        return
+
+    @classmethod
+    def isManagementUp(cls):
+        try:
+            cls.apiclient.listInfrastructure(listInfrastructure.listInfrastructureCmd())
+            return True
+        except Exception:
+            return False
+
+    @classmethod
+    def waitForKubernetesSupportedVersionIsoReadyState(cls, version_id, retries=30, interval=60):
+        """Check if Kubernetes supported version ISO is in Ready state"""
+        while retries > 0:
+            time.sleep(interval)
+            list_versions_response = cls.listKubernetesSupportedVersion(version_id)
+            if not hasattr(list_versions_response, 'isostate') or not list_versions_response or not list_versions_response.isostate:
+                retries = retries - 1
+                continue
+            if 'Ready' == list_versions_response.isostate:
+                return
+            elif 'Failed' == list_versions_response.isostate:
+                raise Exception("Failed to download template: status - %s" % list_versions_response.isostate)
+            retries = retries - 1
+        raise Exception("Kubernetes supported version Ready state timed out")
+
+    @classmethod
+    def listKubernetesSupportedVersion(cls, version_id):
+        listKubernetesSupportedVersionsCmd = listKubernetesSupportedVersions.listKubernetesSupportedVersionsCmd()
+        listKubernetesSupportedVersionsCmd.id = version_id
+        versionResponse = cls.apiclient.listKubernetesSupportedVersions(listKubernetesSupportedVersionsCmd)
+        return versionResponse[0]
+
+    @classmethod
+    def addKubernetesSupportedVersion(cls, version_service):
+        addKubernetesSupportedVersionCmd = addKubernetesSupportedVersion.addKubernetesSupportedVersionCmd()
+        addKubernetesSupportedVersionCmd.semanticversion = version_service["semanticversion"]
+        addKubernetesSupportedVersionCmd.name = 'v' + version_service["semanticversion"] + '-' + random_gen()
+        addKubernetesSupportedVersionCmd.url = version_service["url"]
+        addKubernetesSupportedVersionCmd.mincpunumber = version_service["mincpunumber"]
+        addKubernetesSupportedVersionCmd.minmemory = version_service["minmemory"]
+        kubernetes_version = cls.apiclient.addKubernetesSupportedVersion(addKubernetesSupportedVersionCmd)
+        cls.debug("Waiting for Kubernetes version with ID %s to be ready" % kubernetes_version.id)
+        cls.waitForKubernetesSupportedVersionIsoReadyState(kubernetes_version.id)
+        kubernetes_version = cls.listKubernetesSupportedVersion(kubernetes_version.id)
+        return kubernetes_version
+
+    @classmethod
+    def deleteKubernetesSupportedVersion(cls, version_id):
+        deleteKubernetesSupportedVersionCmd = deleteKubernetesSupportedVersion.deleteKubernetesSupportedVersionCmd()
+        deleteKubernetesSupportedVersionCmd.id = version_id
+        cls.apiclient.deleteKubernetesSupportedVersion(deleteKubernetesSupportedVersionCmd)
+
+    @classmethod
+    def listKubernetesCluster(cls, cluster_id=None, cluster_name=None):
+        listKubernetesClustersCmd = listKubernetesClusters.listKubernetesClustersCmd()
+        listKubernetesClustersCmd.listall = True
+        if cluster_id is not None:
+            listKubernetesClustersCmd.id = cluster_id
+        if cluster_name is not None:
+            listKubernetesClustersCmd.name = cluster_name
+        clusterResponse = cls.apiclient.listKubernetesClusters(listKubernetesClustersCmd)
+        if (cluster_id is not None or cluster_name is not None) and clusterResponse is not None:
+            return clusterResponse[0]
+        return clusterResponse
+
+    @classmethod
+    def deleteKubernetesCluster(cls, cluster_id):
+        deleteKubernetesClusterCmd = deleteKubernetesCluster.deleteKubernetesClusterCmd()
+        deleteKubernetesClusterCmd.id = cluster_id
+        response = cls.apiclient.deleteKubernetesCluster(deleteKubernetesClusterCmd)
+        return response
+
+    @classmethod
+    def stopKubernetesCluster(cls, cluster_id):
+        stopKubernetesClusterCmd = stopKubernetesCluster.stopKubernetesClusterCmd()
+        stopKubernetesClusterCmd.id = cluster_id
+        response = cls.apiclient.stopKubernetesCluster(stopKubernetesClusterCmd)
+        return response
+
+    def setUp(self):
+        self.services = self.testClient.getParsedTestDataConfig()
+        self.apiclient = self.testClient.getApiClient()
+        self.dbclient = self.testClient.getDbConnection()
+        self.cleanup = []
+        self.aff_grp = []
+        return
+
+    def tearDown(self):
+        super(TestKubernetesClusterAffinityGroups, self).tearDown()
+
+    def deleteKubernetesClusterAndVerify(self, cluster_id, verify=True, forced=False):
+        """Delete Kubernetes cluster and check if it is really deleted"""
+        delete_response = {}
+        forceDeleted = False
+        try:
+            delete_response = self.deleteKubernetesCluster(cluster_id)
+        except Exception as e:
+            if forced:
+                cluster = self.listKubernetesCluster(cluster_id)
+                if cluster is not None:
+                    if cluster.state in ['Starting', 'Running', 'Upgrading', 'Scaling']:
+                        self.stopKubernetesCluster(cluster_id)
+                        self.deleteKubernetesCluster(cluster_id)
+                    else:
+                        forceDeleted = True
+                        for cluster_vm in cluster.virtualmachines:
+                            cmd = destroyVirtualMachine.destroyVirtualMachineCmd()
+                            cmd.id = cluster_vm.id
+                            cmd.expunge = True
+                            self.apiclient.destroyVirtualMachine(cmd)
+                        cmd = deleteNetwork.deleteNetworkCmd()
+                        cmd.id = cluster.networkid
+                        cmd.forced = True
+                        self.apiclient.deleteNetwork(cmd)
+                        self.dbclient.execute(
+                            "update kubernetes_cluster set state='Destroyed', removed=now() where uuid = '%s';" % cluster.id)
+            else:
+                raise Exception("Error: Exception during delete cluster : %s" % e)
+
+        if verify and not forceDeleted:
+            self.assertEqual(
+                delete_response.success,
+                True,
+                "Check KubernetesCluster delete response {}, {}".format(delete_response.success, True)
+            )
+
+            db_cluster_removed = \
+            self.dbclient.execute("select removed from kubernetes_cluster where uuid = '%s';" % cluster_id)[0][0]
+
+            self.assertNotEqual(
+                db_cluster_removed,
+                None,
+                "KubernetesCluster not removed in DB, {}".format(db_cluster_removed)
+            )
+
+    def create_aff_grp(self, aff_grp_name=None, aff_grp_type="host anti-affinity"):
+        """Create an affinity group"""
+        if aff_grp_name is None:
+            aff_grp_name = "aff_grp_" + random_gen(size=6)
+
+        aff_grp_data = {
+            "name": aff_grp_name,
+            "type": aff_grp_type
+        }
+        aff_grp = AffinityGroup.create(
+            self.apiclient,
+            aff_grp_data,
+            self.account.name,
+            self.domain.id
+        )
+        self.aff_grp.append(aff_grp)
+        self.cleanup.append(aff_grp)
+        return aff_grp
+
+    def createKubernetesCluster(self, name, version_id, size=1, control_nodes=1, etcd_nodes=0,
+                                control_aff_grp=None, worker_aff_grp=None, etcd_aff_grp=None):
+        """Create a Kubernetes cluster with optional affinity groups for each node type"""
+        createKubernetesClusterCmd = createKubernetesCluster.createKubernetesClusterCmd()
+        createKubernetesClusterCmd.name = name
+        createKubernetesClusterCmd.description = name + "-description"
+        createKubernetesClusterCmd.kubernetesversionid = version_id
+        createKubernetesClusterCmd.size = size
+        createKubernetesClusterCmd.controlnodes = control_nodes
+        createKubernetesClusterCmd.serviceofferingid = self.cks_service_offering.id
+        createKubernetesClusterCmd.zoneid = self.zone.id
+        createKubernetesClusterCmd.noderootdisksize = 10
+        createKubernetesClusterCmd.account = self.account.name
+        createKubernetesClusterCmd.domainid = self.domain.id
+
+        if etcd_nodes > 0:
+            createKubernetesClusterCmd.etcdnodes = etcd_nodes
+
+        # Set affinity groups for node types using the nodeaffinitygroups parameter
+        # Format: list of {node: "<NODE_TYPE>", affinitygroup: "<UUID>"}
+        if control_aff_grp is not None:
+            if not hasattr(createKubernetesClusterCmd, 'nodeaffinitygroups'):
+                createKubernetesClusterCmd.nodeaffinitygroups = []
+            createKubernetesClusterCmd.nodeaffinitygroups.append({
+                "node": "CONTROL",
+                "affinitygroup": control_aff_grp.id
+            })
+        if worker_aff_grp is not None:
+            if not hasattr(createKubernetesClusterCmd, 'nodeaffinitygroups'):
+                createKubernetesClusterCmd.nodeaffinitygroups = []
+            createKubernetesClusterCmd.nodeaffinitygroups.append({
+                "node": "WORKER",
+                "affinitygroup": worker_aff_grp.id
+            })
+        if etcd_aff_grp is not None:
+            if not hasattr(createKubernetesClusterCmd, 'nodeaffinitygroups'):
+                createKubernetesClusterCmd.nodeaffinitygroups = []
+            createKubernetesClusterCmd.nodeaffinitygroups.append({
+                "node": "ETCD",
+                "affinitygroup": etcd_aff_grp.id
+            })
+
+        if self.default_network:
+            createKubernetesClusterCmd.networkid = self.default_network.id
+
+        clusterResponse = self.apiclient.createKubernetesCluster(createKubernetesClusterCmd)
+        return clusterResponse
+
+    def startKubernetesCluster(self, cluster_id):
+        startKubernetesClusterCmd = startKubernetesCluster.startKubernetesClusterCmd()
+        startKubernetesClusterCmd.id = cluster_id
+        response = self.apiclient.startKubernetesCluster(startKubernetesClusterCmd)
+        return response
+
+    def scaleKubernetesCluster(self, cluster_id, size):
+        scaleKubernetesClusterCmd = scaleKubernetesCluster.scaleKubernetesClusterCmd()
+        scaleKubernetesClusterCmd.id = cluster_id
+        scaleKubernetesClusterCmd.size = size
+        response = self.apiclient.scaleKubernetesCluster(scaleKubernetesClusterCmd)
+        return response
+
+    def verifyKubernetesClusterState(self, cluster_response, state):
+        """Check if Kubernetes cluster state matches expected state"""
+        self.assertEqual(
+            cluster_response.state,
+            state,
+            "Check KubernetesCluster state {}, expected {}".format(cluster_response.state, state)
+        )
+
+    def verifyKubernetesClusterAffinityGroups(self, cluster, control_aff_grp=None,
+                                               worker_aff_grp=None, etcd_aff_grp=None):
+        """Verify affinity groups are correctly assigned to the cluster"""
+        if control_aff_grp is not None:
+            self.assertEqual(
+                cluster.controlnodeaffinitygroupid,
+                control_aff_grp.id,
+                "Control node affinity group ID mismatch. Expected: {}, Got: {}".format(
+                    control_aff_grp.id, cluster.controlnodeaffinitygroupid)
+            )
+            self.assertEqual(
+                cluster.controlnodeaffinitygroupname,
+                control_aff_grp.name,
+                "Control node affinity group name mismatch. Expected: {}, Got: {}".format(
+                    control_aff_grp.name, cluster.controlnodeaffinitygroupname)
+            )
+        else:
+            self.assertTrue(
+                not hasattr(cluster, 'controlnodeaffinitygroupid') or cluster.controlnodeaffinitygroupid is None,
+                "Control node affinity group should be None"
+            )
+
+        if worker_aff_grp is not None:
+            self.assertEqual(
+                cluster.workernodeaffinitygroupid,
+                worker_aff_grp.id,
+                "Worker node affinity group ID mismatch. Expected: {}, Got: {}".format(
+                    worker_aff_grp.id, cluster.workernodeaffinitygroupid)
+            )
+            self.assertEqual(
+                cluster.workernodeaffinitygroupname,
+                worker_aff_grp.name,
+                "Worker node affinity group name mismatch. Expected: {}, Got: {}".format(
+                    worker_aff_grp.name, cluster.workernodeaffinitygroupname)
+            )
+        else:
+            self.assertTrue(
+                not hasattr(cluster, 'workernodeaffinitygroupid') or cluster.workernodeaffinitygroupid is None,
+                "Worker node affinity group should be None"
+            )
+
+        if etcd_aff_grp is not None:
+            self.assertEqual(
+                cluster.etcdnodeaffinitygroupid,
+                etcd_aff_grp.id,
+                "ETCD node affinity group ID mismatch. Expected: {}, Got: {}".format(
+                    etcd_aff_grp.id, cluster.etcdnodeaffinitygroupid)
+            )
+            self.assertEqual(
+                cluster.etcdnodeaffinitygroupname,
+                etcd_aff_grp.name,
+                "ETCD node affinity group name mismatch. Expected: {}, Got: {}".format(
+                    etcd_aff_grp.name, cluster.etcdnodeaffinitygroupname)
+            )
+        else:
+            self.assertTrue(
+                not hasattr(cluster, 'etcdnodeaffinitygroupid') or cluster.etcdnodeaffinitygroupid is None,
+                "ETCD node affinity group should be None"
+            )
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_01_create_cluster_with_control_node_affinity_group(self):
+        """Test creating a Kubernetes cluster with affinity group for control nodes only
+
+        # Validate the following:
+        # 1. Create an affinity group
+        # 2. Create a Kubernetes cluster with the affinity group for control nodes
+        # 3. Verify cluster is created successfully and affinity group is assigned
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity group for control nodes")
+        control_aff_grp = self.create_aff_grp(aff_grp_name="control-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with control node affinity group")
+        cluster_name = "cks-aff-grp-control-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                control_aff_grp=control_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=None,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster with control node affinity group created successfully")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_02_create_cluster_with_worker_node_affinity_group(self):
+        """Test creating a Kubernetes cluster with affinity group for worker nodes only
+
+        # Validate the following:
+        # 1. Create an affinity group
+        # 2. Create a Kubernetes cluster with the affinity group for worker nodes
+        # 3. Verify cluster is created successfully and affinity group is assigned
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity group for worker nodes")
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with worker node affinity group")
+        cluster_name = "cks-aff-grp-worker-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                worker_aff_grp=worker_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=None,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster with worker node affinity group created successfully")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_03_create_cluster_with_all_node_type_affinity_groups(self):
+        """Test creating a Kubernetes cluster with different affinity groups for all node types
+
+        # Validate the following:
+        # 1. Create separate affinity groups for control, worker, and etcd nodes
+        # 2. Create a Kubernetes cluster with affinity groups for all node types
+        # 3. Verify cluster is created successfully and all affinity groups are assigned
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity groups for all node types")
+        control_aff_grp = self.create_aff_grp(aff_grp_name="control-aff-grp-" + random_gen())
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+        etcd_aff_grp = self.create_aff_grp(aff_grp_name="etcd-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with affinity groups for all node types")
+        cluster_name = "cks-aff-grp-all-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                etcd_nodes=1,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=etcd_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=etcd_aff_grp
+            )
+
+            self.debug("Kubernetes cluster with all node type affinity groups created successfully")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_04_create_cluster_with_same_affinity_group_all_node_types(self):
+        """Test creating a Kubernetes cluster with the same affinity group for all node types
+
+        # Validate the following:
+        # 1. Create a single affinity group
+        # 2. Create a Kubernetes cluster using the same affinity group for all node types
+        # 3. Verify cluster is created successfully
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating a single affinity group for all node types")
+        shared_aff_grp = self.create_aff_grp(aff_grp_name="shared-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with same affinity group for all node types")
+        cluster_name = "cks-aff-grp-shared-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                control_aff_grp=shared_aff_grp,
+                worker_aff_grp=shared_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=shared_aff_grp,
+                worker_aff_grp=shared_aff_grp,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster with shared affinity group created successfully")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_05_scale_cluster_respects_worker_affinity_group(self):
+        """Test that scaling a cluster respects the worker node affinity group
+
+        # Validate the following:
+        # 1. Create a cluster with worker node affinity group
+        # 2. Scale up the cluster
+        # 3. Verify affinity group assignments are preserved after scaling
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity group for worker nodes")
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with worker node affinity group")
+        cluster_name = "cks-aff-grp-scale-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                worker_aff_grp=worker_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+
+            self.debug("Scaling up Kubernetes cluster from 1 to 2 worker nodes")
+            cluster = self.scaleKubernetesCluster(cluster.id, 2)
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+            self.assertEqual(
+                cluster.size,
+                2,
+                "Cluster size should be 2 after scaling up, got {}".format(cluster.size)
+            )
+
+            # Verify affinity group is still assigned after scaling
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=None,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster scaled successfully with affinity group preserved")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_06_stop_start_cluster_preserves_affinity_groups(self):
+        """Test that stopping and starting a cluster preserves affinity groups
+
+        # Validate the following:
+        # 1. Create a cluster with affinity groups
+        # 2. Stop the cluster
+        # 3. Start the cluster
+        # 4. Verify affinity groups are preserved
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity groups")
+        control_aff_grp = self.create_aff_grp(aff_grp_name="control-aff-grp-" + random_gen())
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with affinity groups")
+        cluster_name = "cks-aff-grp-lifecycle-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+
+            self.debug("Stopping Kubernetes cluster")
+            self.stopKubernetesCluster(cluster.id)
+
+            cluster = self.listKubernetesCluster(cluster.id)
+            self.assertEqual(
+                cluster.state,
+                'Stopped',
+                "Cluster should be in Stopped state, got {}".format(cluster.state)
+            )
+
+            self.debug("Starting Kubernetes cluster")
+            cluster = self.startKubernetesCluster(cluster.id)
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+
+            # Verify affinity groups are preserved after stop/start
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster stop/start completed with affinity groups preserved")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_07_create_cluster_with_invalid_affinity_group_id(self):
+        """Test creating a cluster with an invalid affinity group ID fails
+
+        # Validate the following:
+        # 1. Attempt to create a cluster with a non-existent affinity group ID
+        # 2. Verify the operation fails with appropriate error
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating Kubernetes cluster with invalid affinity group ID")
+        cluster_name = "cks-aff-grp-invalid-" + random_gen()
+
+        # Create a fake affinity group object with invalid ID
+        class FakeAffinityGroup:
+            def __init__(self):
+                self.id = "invalid-uuid-12345"
+                self.name = "fake-group"
+
+        fake_aff_grp = FakeAffinityGroup()
+
+        with self.assertRaises(Exception) as context:
+            self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                control_aff_grp=fake_aff_grp
+            )
+
+        self.debug("Expected error when creating cluster with invalid affinity group: %s" % context.exception)
+
+        # Clean up any partially created cluster
+        cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+        if cluster is not None:
+            self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_08_cluster_response_includes_affinity_group_details(self):
+        """Test that cluster list response includes affinity group details
+
+        # Validate the following:
+        # 1. Create a cluster with affinity groups
+        # 2. List the cluster
+        # 3. Verify response includes affinity group IDs and names
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity groups")
+        control_aff_grp = self.create_aff_grp(aff_grp_name="control-aff-grp-" + random_gen())
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with affinity groups")
+        cluster_name = "cks-aff-grp-response-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+
+            # List the cluster and verify response
+            listed_cluster = self.listKubernetesCluster(cluster.id)
+
+            self.assertIsNotNone(listed_cluster, "Cluster should be listed")
+
+            # Verify control node affinity group in response
+            self.assertTrue(
+                hasattr(listed_cluster, 'controlnodeaffinitygroupid'),
+                "Response should include controlnodeaffinitygroupid"
+            )
+            self.assertTrue(
+                hasattr(listed_cluster, 'controlnodeaffinitygroupname'),
+                "Response should include controlnodeaffinitygroupname"
+            )
+
+            # Verify worker node affinity group in response
+            self.assertTrue(
+                hasattr(listed_cluster, 'workernodeaffinitygroupid'),
+                "Response should include workernodeaffinitygroupid"
+            )
+            self.assertTrue(
+                hasattr(listed_cluster, 'workernodeaffinitygroupname'),
+                "Response should include workernodeaffinitygroupname"
+            )
+
+            # Verify the values match
+            self.verifyKubernetesClusterAffinityGroups(
+                listed_cluster,
+                control_aff_grp=control_aff_grp,
+                worker_aff_grp=worker_aff_grp,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Cluster response includes correct affinity group details")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_09_create_cluster_without_affinity_groups(self):
+        """Test creating a cluster without any affinity groups
+
+        # Validate the following:
+        # 1. Create a cluster without specifying any affinity groups
+        # 2. Verify cluster is created and affinity group fields are null/empty
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating Kubernetes cluster without affinity groups")
+        cluster_name = "cks-no-aff-grp-" + random_gen()
+        try:
+            cluster = self.createKubernetesCluster(
+                cluster_name,
+                self.kubernetes_version.id,
+                size=1,
+                control_nodes=1
+            )
+
+            self.verifyKubernetesClusterState(cluster, 'Running')
+
+            # Verify no affinity groups are assigned
+            self.verifyKubernetesClusterAffinityGroups(
+                cluster,
+                control_aff_grp=None,
+                worker_aff_grp=None,
+                etcd_aff_grp=None
+            )
+
+            self.debug("Kubernetes cluster created successfully without affinity groups")
+        finally:
+            cluster = self.listKubernetesCluster(cluster_name=cluster_name)
+            if cluster is not None:
+                self.deleteKubernetesClusterAndVerify(cluster.id, False, True)
+
+    @attr(tags=["advanced", "smoke"], required_hardware="true")
+    @skipTestIf("hypervisorNotSupported")
+    def test_10_delete_cluster_with_affinity_groups(self):
+        """Test that deleting a cluster with affinity groups works correctly
+
+        # Validate the following:
+        # 1. Create a cluster with affinity groups
+        # 2. Delete the cluster
+        # 3. Verify cluster is deleted and affinity groups still exist
+        """
+        if self.setup_failed:
+            self.fail("Setup incomplete")
+
+        self.debug("Creating affinity groups")
+        control_aff_grp = self.create_aff_grp(aff_grp_name="control-aff-grp-" + random_gen())
+        worker_aff_grp = self.create_aff_grp(aff_grp_name="worker-aff-grp-" + random_gen())
+
+        self.debug("Creating Kubernetes cluster with affinity groups")
+        cluster_name = "cks-aff-grp-delete-" + random_gen()
+        cluster = self.createKubernetesCluster(
+            cluster_name,
+            self.kubernetes_version.id,
+            size=1,
+            control_nodes=1,
+            control_aff_grp=control_aff_grp,
+            worker_aff_grp=worker_aff_grp
+        )
+
+        self.verifyKubernetesClusterState(cluster, 'Running')
+        cluster_id = cluster.id
+
+        self.debug("Deleting Kubernetes cluster")
+        self.deleteKubernetesClusterAndVerify(cluster_id)
+
+        # Verify cluster is deleted
+        deleted_cluster = self.listKubernetesCluster(cluster_id)
+        self.assertIsNone(deleted_cluster, "Cluster should be deleted")
+
+        # Verify affinity groups still exist
+        control_aff_grp_list = AffinityGroup.list(self.apiclient, id=control_aff_grp.id)
+        self.assertIsNotNone(control_aff_grp_list, "Control affinity group should still exist")
+
+        worker_aff_grp_list = AffinityGroup.list(self.apiclient, id=worker_aff_grp.id)
+        self.assertIsNotNone(worker_aff_grp_list, "Worker affinity group should still exist")
+
+        self.debug("Kubernetes cluster deleted successfully, affinity groups preserved")
diff --git a/test/integration/smoke/test_domain_vpc_offerings.py b/test/integration/smoke/test_domain_vpc_offerings.py
index f3d31b2bf7e9..9570d35c618e 100644
--- a/test/integration/smoke/test_domain_vpc_offerings.py
+++ b/test/integration/smoke/test_domain_vpc_offerings.py
@@ -28,9 +28,16 @@
 from marvin.lib.base import (Domain,
                              VpcOffering,
                              Account,
-                             VPC)
+                             VPC,
+                             NetworkOffering,
+                             Network,
+                             VirtualMachine,
+                             ServiceOffering,
+                             PublicIPAddress,
+                             NATRule)
 from marvin.lib.common import (get_domain,
-                               get_zone)
+                               get_zone,
+                               get_test_template)
 from nose.plugins.attrib import attr
 
 import time
@@ -222,6 +229,7 @@ def setUpClass(cls):
         cls.apiclient = testClient.getApiClient()
         cls.localservices = Services().services
         cls.services = testClient.getParsedTestDataConfig()
+        cls.hypervisor = cls.testClient.getHypervisorInfo()
         # Create domains
         cls.domain_1 = Domain.create(
             cls.apiclient,
@@ -402,3 +410,158 @@ def test_03_create_vpc_domain_vpc_offering(self):
         self.debug("Vpc created for first child subdomain %s" % self.valid_account_3.domainid)
 
         return
+
+    @attr(
+        tags=[
+            "advanced",
+            "eip",
+            "sg",
+            "advancedns",
+            "smoke"],
+        required_hardware="false")
+    def test_04_validate_vpc_offering_conserve_mode_disabled(self):
+        """Test to create and validate vpc with conserve mode disabled for an existing domain specified vpc offering"""
+
+        # Validate the following:
+        # 1. Create Vpc for user in domain for which offering is specified
+        # 2. Validate that conserve mode is disabled for the vpc (cannot reuse ip address on multiple VPC tiers)
+
+        template = get_test_template(
+            self.apiclient,
+            self.zone.id,
+            self.hypervisor)
+        if template == FAILED:
+            assert False, "get_test_template() failed to return template"
+
+        valid_account_1 = Account.create(
+            self.apiclient,
+            self.services["account"],
+            domainid=self.domain_1.id
+        )
+        self.cleanup.append(valid_account_1)
+
+        service_offering = ServiceOffering.create(
+            self.apiclient,
+            self.services["service_offerings"]["tiny"]
+        )
+        self.cleanup.append(service_offering)
+
+        self.services["vpc"]["cidr"] = "10.10.20.0/24"
+        vpc = VPC.create(
+            apiclient=self.apiclient,
+            services=self.services["vpc"],
+            account=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            zoneid=self.zone.id,
+            vpcofferingid=self.vpc_offering.id
+        )
+        self.debug("Vpc created for subdomain %s" % valid_account_1.domainid)
+
+        self.services["network_offering"]["supportedservices"] = 'Vpn,Dhcp,Dns,SourceNat,Lb,UserData,StaticNat,NetworkACL,PortForwarding'
+        self.services["network_offering"]["serviceProviderList"] = {
+            "Vpn": 'VpcVirtualRouter',
+            "Dhcp": 'VpcVirtualRouter',
+            "Dns": 'VpcVirtualRouter',
+            "SourceNat": 'VpcVirtualRouter',
+            "Lb": 'VpcVirtualRouter',
+            "UserData": 'VpcVirtualRouter',
+            "StaticNat": 'VpcVirtualRouter',
+            "NetworkACL": 'VpcVirtualRouter',
+            "PortForwarding": 'VpcVirtualRouter'
+        }
+        network_offering = NetworkOffering.create(
+            self.apiclient,
+            self.services["network_offering"]
+        )
+        network_offering.update(self.apiclient, state="Enabled")
+        self.cleanup.append(network_offering)
+
+        gateway_tier1 = "10.10.20.1"
+        netmask_tiers = "255.255.255.240"
+
+        self.services["network_offering"]["name"] = "tier1-" + vpc.id
+        self.services["network_offering"]["displayname"] = "tier1-" + vpc.id
+        tier1 = Network.create(
+            self.apiclient,
+            services=self.services["network_offering"],
+            accountid=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            networkofferingid=network_offering.id,
+            zoneid=self.zone.id,
+            vpcid=vpc.id,
+            gateway=gateway_tier1,
+            netmask=netmask_tiers,
+        )
+
+        gateway_tier2 = "10.10.20.17"
+        self.services["network_offering"]["name"] = "tier2-" + vpc.id
+        self.services["network_offering"]["displayname"] = "tier2-" + vpc.id
+        tier2 = Network.create(
+            self.apiclient,
+            services=self.services["network_offering"],
+            accountid=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            networkofferingid=network_offering.id,
+            zoneid=self.zone.id,
+            vpcid=vpc.id,
+            gateway=gateway_tier2,
+            netmask=netmask_tiers,
+        )
+
+        self.services["virtual_machine"]["displayname"] = "vm1" + vpc.id
+        vm1 = VirtualMachine.create(
+            self.apiclient,
+            services=self.services["virtual_machine"],
+            templateid=template.id,
+            zoneid=self.zone.id,
+            accountid=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            serviceofferingid=service_offering.id,
+            networkids=[tier1.id],
+        )
+
+        self.services["virtual_machine"]["displayname"] = "vm2" + vpc.id
+        vm2 = VirtualMachine.create(
+            self.apiclient,
+            services=self.services["virtual_machine"],
+            templateid=template.id,
+            zoneid=self.zone.id,
+            accountid=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            serviceofferingid=service_offering.id,
+            networkids=[tier2.id],
+        )
+
+        public_ip = PublicIPAddress.create(
+            self.apiclient,
+            zoneid=self.zone.id,
+            accountid=valid_account_1.name,
+            domainid=valid_account_1.domainid,
+            vpcid=vpc.id,
+        )
+
+        nat_rule = NATRule.create(
+            self.apiclient,
+            vm1,
+            self.services["natrule"],
+            ipaddressid=public_ip.ipaddress.id,
+            vpcid=vpc.id,
+            networkid=tier1.id,
+        )
+
+        self.services["natrule"]["privateport"] = 80
+        self.services["natrule"]["publicport"] = 80
+        try:
+            NATRule.create(
+                self.apiclient,
+                vm2,
+                self.services["natrule"],
+                ipaddressid=public_ip.ipaddress.id,
+                vpcid=vpc.id,
+                networkid=tier2.id,
+            )
+            self.fail(
+                "Expected cross-tier rule creation to fail with conserveMode=False, but succeeded"
+            )
+        except CloudstackAPIException as e:
+            self.debug("Expected cross-tier rule creation to failure with conserveMode=False")
diff --git a/test/integration/smoke/test_vpc_conserve_mode.py b/test/integration/smoke/test_vpc_conserve_mode.py
new file mode 100644
index 000000000000..a56953db7872
--- /dev/null
+++ b/test/integration/smoke/test_vpc_conserve_mode.py
@@ -0,0 +1,314 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+"""Tests for VPC Conserve Mode (since 4.23.0)
+
+Conserve mode allows public IP services (LB, Port Forwarding, Static NAT) to be
+shared across multiple VPC tiers using the same public IP address.
+
+When conserve mode is ON:
+  - A single public IP can have rules targeting VMs in different VPC tiers
+  - FirewallManagerImpl skips the cross-network conflict check for that VPC
+
+When conserve mode is OFF (default before 4.23.0):
+  - Rules on a given public IP must all belong to the same VPC tier (network)
+  - Attempting to create a rule on a different tier than an existing rule raises
+    a NetworkRuleConflictException
+"""
+
+from marvin.cloudstackException import CloudstackAPIException
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.codes import FAILED
+from marvin.lib.base import (
+    Account,
+    LoadBalancerRule,
+    NATRule,
+    Network,
+    NetworkOffering,
+    PublicIPAddress,
+    ServiceOffering,
+    VirtualMachine,
+    VPC,
+    VpcOffering,
+)
+from marvin.lib.common import (
+    get_domain,
+    get_test_template,
+    get_zone,
+    list_publicIP
+)
+from marvin.lib.utils import cleanup_resources
+from nose.plugins.attrib import attr
+import logging
+
+class TestVPCConserveModeRules(cloudstackTestCase):
+    """Tests that conserve mode for VPC controls whether rules on the same public IP are allowed in multiple VPC tiers.
+    """
+
+    @classmethod
+    def setUpClass(cls):
+        cls.testClient = super(TestVPCConserveModeRules, cls).getClsTestClient()
+        cls.apiclient = cls.testClient.getApiClient()
+        cls.services = cls.testClient.getParsedTestDataConfig()
+        cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests())
+        cls.domain = get_domain(cls.apiclient)
+        cls.hypervisor = cls.testClient.getHypervisorInfo()
+        cls.logger = logging.getLogger("TestVPCConserveModeRules")
+        cls._cleanup = []
+
+        cls.account = Account.create(
+            cls.apiclient,
+            cls.services["account"],
+            admin=True,
+            domainid=cls.domain.id)
+        cls._cleanup.append(cls.account)
+
+        cls.template = get_test_template(
+            cls.apiclient,
+            cls.zone.id,
+            cls.hypervisor)
+        if cls.template == FAILED:
+            assert False, "get_test_template() failed to return template"
+
+        cls.service_offering = ServiceOffering.create(
+            cls.apiclient,
+            cls.services["service_offerings"]["tiny"]
+        )
+        cls._cleanup.append(cls.service_offering)
+
+        cls.services["vpc_offering"]["supportedservices"] = 'Vpn,Dhcp,Dns,SourceNat,Lb,UserData,StaticNat,NetworkACL,PortForwarding'
+        cls.services["vpc_offering"]["conservemode"] = True
+        cls.vpc_offering_conserve_mode = VpcOffering.create(
+            cls.apiclient,
+            cls.services["vpc_offering"]
+        )
+        cls.vpc_offering_conserve_mode.update(cls.apiclient, state="Enabled")
+        cls._cleanup.append(cls.vpc_offering_conserve_mode)
+
+        cls.services["network_offering"]["supportedservices"] = 'Vpn,Dhcp,Dns,SourceNat,Lb,UserData,StaticNat,NetworkACL,PortForwarding'
+        cls.services["network_offering"]["serviceProviderList"] = {
+            "Vpn": 'VpcVirtualRouter',
+            "Dhcp": 'VpcVirtualRouter',
+            "Dns": 'VpcVirtualRouter',
+            "SourceNat": 'VpcVirtualRouter',
+            "Lb": 'VpcVirtualRouter',
+            "UserData": 'VpcVirtualRouter',
+            "StaticNat": 'VpcVirtualRouter',
+            "NetworkACL": 'VpcVirtualRouter',
+            "PortForwarding": 'VpcVirtualRouter'
+        }
+        cls.network_offering = NetworkOffering.create(
+            cls.apiclient,
+            cls.services["network_offering"],
+            conservemode=True
+        )
+        cls.network_offering.update(cls.apiclient, state="Enabled")
+        cls._cleanup.append(cls.network_offering)
+
+        cls.services["vpc"]["cidr"] = "10.10.20.0/24"
+
+        cls.vpc = VPC.create(
+            cls.apiclient,
+            cls.services["vpc"],
+            vpcofferingid=cls.vpc_offering_conserve_mode.id,
+            zoneid=cls.zone.id,
+            account=cls.account.name,
+            domainid=cls.account.domainid,
+        )
+        cls._cleanup.append(cls.vpc)
+
+        gateway_tier1 = "10.10.20.1"
+        netmask_tiers = "255.255.255.240"
+
+        cls.services["network_offering"]["name"] = "tier1-" + cls.vpc.id
+        cls.services["network_offering"]["displayname"] = "tier1-" + cls.vpc.id
+        cls.tier1 = Network.create(
+            cls.apiclient,
+            services=cls.services["network_offering"],
+            accountid=cls.account.name,
+            domainid=cls.account.domainid,
+            networkofferingid=cls.network_offering.id,
+            zoneid=cls.zone.id,
+            vpcid=cls.vpc.id,
+            gateway=gateway_tier1,
+            netmask=netmask_tiers,
+        )
+        cls._cleanup.append(cls.tier1)
+
+        gateway_tier2 = "10.10.20.17"
+        cls.services["network_offering"]["name"] = "tier2-" + cls.vpc.id
+        cls.services["network_offering"]["displayname"] = "tier2-" + cls.vpc.id
+        cls.tier2 = Network.create(
+            cls.apiclient,
+            services=cls.services["network_offering"],
+            accountid=cls.account.name,
+            domainid=cls.account.domainid,
+            networkofferingid=cls.network_offering.id,
+            zoneid=cls.zone.id,
+            vpcid=cls.vpc.id,
+            gateway=gateway_tier2,
+            netmask=netmask_tiers,
+        )
+        cls._cleanup.append(cls.tier2)
+
+        cls.services["virtual_machine"]["displayname"] = "vm1" + cls.vpc.id
+        cls.vm1 = VirtualMachine.create(
+            cls.apiclient,
+            services=cls.services["virtual_machine"],
+            templateid=cls.template.id,
+            zoneid=cls.zone.id,
+            accountid=cls.account.name,
+            domainid=cls.account.domainid,
+            serviceofferingid=cls.service_offering.id,
+            networkids=[cls.tier1.id],
+        )
+        cls.services["virtual_machine"]["displayname"] = "vm2" + cls.vpc.id
+        cls.vm2 = VirtualMachine.create(
+            cls.apiclient,
+            services=cls.services["virtual_machine"],
+            templateid=cls.template.id,
+            zoneid=cls.zone.id,
+            accountid=cls.account.name,
+            domainid=cls.account.domainid,
+            serviceofferingid=cls.service_offering.id,
+            networkids=[cls.tier2.id],
+        )
+        cls._cleanup.append(cls.vm1)
+        cls._cleanup.append(cls.vm2)
+
+    @classmethod
+    def tearDownClass(cls):
+        super(TestVPCConserveModeRules, cls).tearDownClass()
+
+    def setUp(self):
+        self.apiclient = self.testClient.getApiClient()
+        self.cleanup = []
+
+    def tearDown(self):
+        super(TestVPCConserveModeRules, self).tearDown()
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_01_vpc_conserve_mode_cross_tier_rules_allowed(self):
+        """With conserveMode=True, LB rule on VPC Tier 1 and Port Forwarding rule on VPC Tier 2 can
+        share the same public IP without a NetworkRuleConflictException.
+        """
+
+        public_ip = PublicIPAddress.create(
+            self.apiclient,
+            zoneid=self.zone.id,
+            accountid=self.account.name,
+            domainid=self.account.domainid,
+            vpcid=self.vpc.id,
+        )
+
+        self.logger.debug(
+            "Creating LB rule on tier-1 (networkid=%s) using public IP %s",
+            self.tier1.id,
+            public_ip.ipaddress.ipaddress,
+        )
+        lb_rule_tier1 = LoadBalancerRule.create(
+            self.apiclient,
+            self.services["lbrule"],
+            ipaddressid=public_ip.ipaddress.id,
+            accountid=self.account.name,
+            vpcid=self.vpc.id,
+            networkid=self.tier1.id,
+            domainid=self.account.domainid,
+        )
+        self.assertIsNotNone(lb_rule_tier1, "LB rule creation on tier-1 failed")
+        lb_rule_tier1.assign(self.apiclient, [self.vm1])
+
+        self.logger.debug(
+            "Creating Port Forwarding rule on tier-2 (networkid=%s) "
+            "using the same public IP %s – should succeed with conserve mode",
+            self.tier2.id,
+            public_ip.ipaddress.ipaddress,
+        )
+        try:
+            nat_rule = NATRule.create(
+                self.apiclient,
+                self.vm2,
+                self.services["natrule"],
+                ipaddressid=public_ip.ipaddress.id,
+                vpcid=self.vpc.id,
+                networkid=self.tier2.id,
+            )
+            self.assertIsNotNone(
+                nat_rule,
+                "Port Forwarding rule creation on tier-2 failed unexpectedly",
+            )
+        except CloudstackAPIException as e:
+            self.fail(
+                "Expected cross-tier Port Forwarding rule to succeed with "
+                "conserveMode=True, but got exception: %s" % e
+            )
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_02_vpc_conserve_mode_reuse_source_nat_ip_address(self):
+        """With VPC conserve mode enabled, a NAT rule can be created on a VPC tier (conserve mode enabled)
+        with a source NAT IP address
+        """
+        source_nat_ip_resp = list_publicIP(
+            self.apiclient,
+            vpcid=self.vpc.id,
+            listall=True,
+            issourcenat=True
+        )
+
+        source_nat_ip = source_nat_ip_resp[0]
+
+        self.logger.debug(
+            "Creating Port Forwarding rule on tier-2 (networkid=%s) "
+            "using the source NAT public IP %s – should succeed with conserve mode",
+            self.tier1.id,
+            source_nat_ip.ipaddress,
+        )
+        try:
+            nat_rule = NATRule.create(
+                self.apiclient,
+                self.vm2,
+                self.services["natrule"],
+                ipaddressid=source_nat_ip.id,
+                vpcid=self.vpc.id,
+                networkid=self.tier2.id,
+            )
+            self.assertIsNotNone(
+                nat_rule,
+                "Port Forwarding rule creation on tier-2 failed unexpectedly",
+            )
+            self.logger.debug(
+                "Creating LB rule on tier-1 (networkid=%s) "
+                "using the source NAT public IP %s – should succeed with conserve mode",
+                self.tier1.id,
+                source_nat_ip.ipaddress,
+            )
+            lb_rule_tier1 = LoadBalancerRule.create(
+                self.apiclient,
+                self.services["lbrule"],
+                ipaddressid=source_nat_ip.id,
+                accountid=self.account.name,
+                vpcid=self.vpc.id,
+                networkid=self.tier2.id,
+                domainid=self.account.domainid,
+            )
+            self.assertIsNotNone(lb_rule_tier1, "LB rule creation on tier-2 failed")
+            lb_rule_tier1.assign(self.apiclient, [self.vm2])
+        except CloudstackAPIException as e:
+            self.fail(
+                "Expected multiple rules on VPC Source NAT IP to succeed with "
+                "conserveMode=True, but got exception: %s" % e
+            )
diff --git a/tools/marvin/marvin/lib/base.py b/tools/marvin/marvin/lib/base.py
index 825159a2e53a..636c73209a3f 100755
--- a/tools/marvin/marvin/lib/base.py
+++ b/tools/marvin/marvin/lib/base.py
@@ -5227,6 +5227,8 @@ def create(cls, apiclient, services):
             cmd.networkmode = services["networkmode"]
         if "routingmode" in services:
             cmd.routingmode = services["routingmode"]
+        if "conservemode" in services:
+            cmd.conservemode = services["conservemode"]
         return VpcOffering(apiclient.createVPCOffering(cmd).__dict__)
 
     def update(self, apiclient, name=None, displaytext=None, state=None):
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 8bcc5d0a94bf..513dfcdaa368 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -256,6 +256,7 @@
 "label.activate.project": "Activate project",
 "label.activeviewersessions": "Active sessions",
 "label.add": "Add",
+"label.addservices": "Add Services",
 "label.add.account": "Add Account",
 "label.add.acl.rule": "Add rule",
 "label.add.acl": "Add ACL",
@@ -566,12 +567,21 @@
 "label.cks.cluster.size": "Cluster size (Worker nodes)",
 "label.cks.cluster.worker.nodes.offeringid": "Service Offering for Worker Nodes",
 "label.cks.cluster.worker.nodes.templateid": "Template for Worker Nodes",
+"label.cks.cluster.control.nodes.affinitygroupid": "Affinity Groups for Control Nodes",
+"label.cks.cluster.worker.nodes.affinitygroupid": "Affinity Groups for Worker Nodes",
+"label.cks.cluster.etcd.nodes.affinitygroupid": "Affinity Groups for ETCD Nodes",
 "label.cleanup": "Clean up",
 "label.clear": "Clear",
 "label.clear.all": "Clear all",
 "label.clear.list": "Clear list",
 "label.clear.notification": "Clear notification",
 "label.clientid": "Provider Client ID",
+"label.clone.backup.offering": "Clone Backup Offering",
+"label.clone.compute.offering": "Clone Compute Offering",
+"label.clone.disk.offering": "Clone Disk Offering",
+"label.clone.network.offering": "Clone Network Offering",
+"label.clone.system.service.offering": "Clone System Service Offering",
+"label.clone.vpc.offering": "Clone VPC Offering",
 "label.close": "Close",
 "label.cloud.managed": "CloudManaged",
 "label.cloudian.admin.password": "Admin Service Password",
@@ -947,6 +957,7 @@
 "label.domains": "Domains",
 "label.done": "Done",
 "label.down": "Down",
+"label.dropservices": "Drop Services",
 "label.download": "Download",
 "label.download.csv": "Download CSV",
 "label.download.kubeconfig.cluster": "Download kubeconfig for the cluster <br><br> The <code><b>kubectl</b></code> command-line tool uses kubeconfig files to find the information it needs to choose a cluster and communicate with the API server of a cluster.",
@@ -2905,6 +2916,9 @@
 "label.edgecluster": "Edge Cluster",
 "label.encryption": "Encryption",
 "label.etcdnodes": "Number of etcd nodes",
+"label.controlaffinitygroupnames": "Control Affinity Groups",
+"label.workeraffinitygroupnames": "Worker Affinity Groups",
+"label.etcdaffinitygroupnames": "ETCD Affinity Groups",
 "label.versioning": "Versioning",
 "label.objectlocking": "Object Lock",
 "label.bucket.policy": "Bucket Policy",
@@ -3261,6 +3275,10 @@
 "message.create.bucket.failed": "Failed to create bucket.",
 "message.create.bucket.processing": "Bucket creation in progress",
 "message.create.compute.offering": "Compute Offering created",
+"message.clone.compute.offering": "Compute Offering cloned",
+"message.clone.service.offering": "Service Offering cloned",
+"message.clone.offering.from": "Cloning from",
+"message.clone.offering.edit.hint": "All values are pre-filled from the source offering. Edit any field to customize the new offering.",
 "message.create.sharedfs.failed": "Failed to create Shared FileSystem.",
 "message.create.sharedfs.processing": "Shared FileSystem creation in progress.",
 "message.create.tungsten.public.network": "Create Tungsten-Fabric public Network",
@@ -3381,6 +3399,9 @@
 "message.disable.webhook.ssl.verification": "Disabling SSL verification is not recommended",
 "message.discovering.feature": "Discovering features, please wait...",
 "message.disk.offering.created": "Disk offering created:",
+"message.success.clone.backup.offering": "Successfully cloned backup offering",
+"message.success.clone.disk.offering": "Successfully cloned disk offering:",
+"message.success.clone.network.offering": "Successfully cloned network offering:",
 "message.disk.usage.info.data.points": "Each data point represents the difference in read/write data since the last data point.",
 "message.disk.usage.info.sum.of.disks": "The disk usage shown is made up of the sum of read/write data from all the disks in the Instance.",
 "message.download.volume": "Please click the link to download the volume:<p><a href=\"#\">00000</a>",
diff --git a/ui/src/components/CheckBoxSelectPair.vue b/ui/src/components/CheckBoxSelectPair.vue
index 480e515be29f..a874144458ae 100644
--- a/ui/src/components/CheckBoxSelectPair.vue
+++ b/ui/src/components/CheckBoxSelectPair.vue
@@ -74,6 +74,10 @@ export default {
       type: Boolean,
       default: false
     },
+    defaultSelectValue: {
+      type: String,
+      default: null
+    },
     selectOptions: {
       type: Array,
       required: true
@@ -100,6 +104,9 @@ export default {
   },
   created () {
     this.checked = this.defaultCheckBoxValue
+    if (this.defaultSelectValue) {
+      this.selectedOption = this.defaultSelectValue
+    }
   },
   watch: {
     selectOptions () {
diff --git a/ui/src/components/offering/ComputeOfferingForm.vue b/ui/src/components/offering/ComputeOfferingForm.vue
new file mode 100644
index 000000000000..c621324f108e
--- /dev/null
+++ b/ui/src/components/offering/ComputeOfferingForm.vue
@@ -0,0 +1,812 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <a-form
+    ref="internalFormRef"
+    :model="form"
+    :rules="rules"
+    @finish="onInternalSubmit"
+    layout="vertical">
+    <a-form-item name="name" ref="name">
+      <template #label>
+        <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+      </template>
+      <a-input
+        v-focus="true"
+        v-model:value="form.name"
+        :placeholder="$t('label.name')"/>
+    </a-form-item>
+    <a-form-item name="displaytext" ref="displaytext">
+      <template #label>
+        <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
+      </template>
+      <a-input
+        v-model:value="form.displaytext"
+        :placeholder="$t('label.displaytext')"/>
+    </a-form-item>
+    <a-form-item name="systemvmtype" ref="systemvmtype" v-if="isSystem">
+      <template #label>
+        <tooltip-label :title="$t('label.systemvmtype')" :tooltip="apiParams.systemvmtype.description"/>
+      </template>
+      <a-select
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.systemvmtype"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        :placeholder="apiParams.systemvmtype.description">
+        <a-select-option key="domainrouter" :label="$t('label.domain.router')">{{ $t('label.domain.router') }}</a-select-option>
+        <a-select-option key="consoleproxy" :label="$t('label.console.proxy')">{{ $t('label.console.proxy') }}</a-select-option>
+        <a-select-option key="secondarystoragevm" :label="$t('label.secondary.storage.vm')">{{ $t('label.secondary.storage.vm') }}</a-select-option>
+      </a-select>
+    </a-form-item>
+    <a-form-item name="offeringtype" ref="offeringtype" :label="$t('label.offeringtype')" v-show="!isSystem">
+      <a-radio-group
+        v-model:value="form.offeringtype"
+        @change="selected => { handleComputeOfferingTypeChange(selected.target.value) }"
+        buttonStyle="solid">
+        <a-radio-button value="fixed">{{ $t('label.fixed') }}</a-radio-button>
+        <a-radio-button value="customconstrained">{{ $t('label.customconstrained') }}</a-radio-button>
+        <a-radio-button value="customunconstrained">{{ $t('label.customunconstrained') }}</a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+
+    <a-row :gutter="12">
+      <a-col :md="8" :lg="8" v-if="offeringType === 'fixed'">
+        <a-form-item name="cpunumber" ref="cpunumber">
+          <template #label>
+            <tooltip-label :title="$t('label.cpunumber')" :tooltip="apiParams.cpunumber.description"/>
+          </template>
+          <a-input v-model:value="form.cpunumber" :placeholder="apiParams.cpunumber.description"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="8" :lg="8" v-if="offeringType !== 'customunconstrained'">
+        <a-form-item name="cpuspeed" ref="cpuspeed">
+          <template #label>
+            <tooltip-label :title="$t('label.cpuspeed')" :tooltip="apiParams.cpuspeed.description"/>
+          </template>
+          <a-input v-model:value="form.cpuspeed" :placeholder="apiParams.cpuspeed.description"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="8" :lg="8" v-if="offeringType === 'fixed'">
+        <a-form-item name="memory" ref="memory">
+          <template #label>
+            <tooltip-label :title="$t('label.memory.mb')" :tooltip="apiParams.memory.description"/>
+          </template>
+          <a-input v-model:value="form.memory" :placeholder="apiParams.memory.description"/>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <!-- The rest of the form fields (storage, QoS, GPU, tags, etc.) were copied
+         from AddComputeOffering.vue to ensure identical behavior. -->
+
+    <a-row :gutter="12" v-if="offeringType === 'customconstrained'">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="mincpunumber" ref="mincpunumber">
+          <template #label>
+            <tooltip-label :title="$t('label.mincpunumber')" :tooltip="apiParams.mincpunumber.description"/>
+          </template>
+          <a-input v-model:value="form.mincpunumber" :placeholder="apiParams.mincpunumber.description"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="maxcpunumber" ref="maxcpunumber">
+          <template #label>
+            <tooltip-label :title="$t('label.maxcpunumber')" :tooltip="apiParams.maxcpunumber.description"/>
+          </template>
+          <a-input v-model:value="form.maxcpunumber" :placeholder="apiParams.maxcpunumber.description"/>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-row :gutter="12" v-if="offeringType === 'customconstrained'">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="minmemory" ref="minmemory">
+          <template #label>
+            <tooltip-label :title="$t('label.minmemory')" :tooltip="apiParams.minmemory.description"/>
+          </template>
+          <a-input v-model:value="form.minmemory" :placeholder="apiParams.minmemory.description"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="maxmemory" ref="maxmemory">
+          <template #label>
+            <tooltip-label :title="$t('label.maxmemory')" :tooltip="apiParams.maxmemory.description"/>
+          </template>
+          <a-input v-model:value="form.maxmemory" :placeholder="apiParams.maxmemory.description"/>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-row :gutter="12">
+      <a-col :md="12" :lg="12">
+        <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="hosttags" ref="hosttags">
+          <template #label>
+            <tooltip-label :title="$t('label.hosttags')" :tooltip="apiParams.hosttags.description"/>
+          </template>
+          <a-input v-model:value="form.hosttags" :placeholder="apiParams.hosttags.description"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="networkrate" ref="networkrate">
+          <template #label>
+            <tooltip-label :title="$t('label.networkrate')" :tooltip="apiParams.networkrate.description"/>
+          </template>
+          <a-input v-model:value="form.networkrate" :placeholder="apiParams.networkrate.description"/>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-row :gutter="12">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="offerha" ref="offerha">
+          <template #label>
+            <tooltip-label :title="$t('label.offerha')" :tooltip="apiParams.offerha.description"/>
+          </template>
+          <a-switch v-model:checked="form.offerha" />
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="dynamicscalingenabled" ref="dynamicscalingenabled">
+          <template #label>
+            <tooltip-label :title="$t('label.dynamicscalingenabled')" :tooltip="apiParams.dynamicscalingenabled.description"/>
+          </template>
+          <a-switch v-model:checked="form.dynamicscalingenabled" @change="val => { dynamicscalingenabled = val }"/>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-row :gutter="12">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="limitcpuuse" ref="limitcpuuse">
+          <template #label>
+            <tooltip-label :title="$t('label.limitcpuuse')" :tooltip="apiParams.limitcpuuse.description"/>
+          </template>
+          <a-switch v-model:checked="form.limitcpuuse" />
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item v-if="!isSystem" name="isvolatile" ref="isvolatile">
+          <template #label>
+            <tooltip-label :title="$t('label.isvolatile')" :tooltip="apiParams.isvolatile.description"/>
+          </template>
+          <a-switch v-model:checked="form.isvolatile" />
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-form-item name="deploymentplanner" ref="deploymentplanner" v-if="!isSystem && isAdmin()">
+      <template #label>
+        <tooltip-label :title="$t('label.deploymentplanner')" :tooltip="apiParams.deploymentplanner.description"/>
+      </template>
+      <a-select
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.deploymentplanner"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        :loading="deploymentPlannerLoading"
+        :placeholder="apiParams.deploymentplanner.description"
+        @change="val => { handleDeploymentPlannerChange(val) }">
+        <a-select-option v-for="(opt) in deploymentPlanners" :key="opt.name" :label="opt.name || opt.description || ''">{{ opt.name || opt.description }}</a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-form-item name="plannermode" ref="plannermode" :label="$t('label.plannermode')" v-if="plannerModeVisible">
+      <a-radio-group v-model:value="form.plannermode" buttonStyle="solid">
+        <a-radio-button value="">{{ $t('label.none') }}</a-radio-button>
+        <a-radio-button value="strict">{{ $t('label.strict') }}</a-radio-button>
+        <a-radio-button value="Preferred">{{ $t('label.preferred') }}</a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+
+    <a-form-item name="gpucardid" ref="gpucardid" :label="$t('label.gpu.card')" v-if="!isSystem">
+      <a-select
+        v-model:value="form.gpucardid"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        :loading="gpuCardLoading"
+        :placeholder="$t('label.gpu.card')"
+        @change="handleGpuCardChange">
+        <a-select-option v-for="(opt, optIndex) in gpuCards" :key="optIndex" :value="opt.id" :label="opt.name || opt.description || ''">{{ opt.description || opt.name || '' }}</a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-form-item name="vgpuprofile" ref="vgpuprofile" :label="$t('label.vgpu.profile')" v-if="!isSystem && form.gpucardid && vgpuProfiles.length > 0">
+      <a-select
+        v-model:value="form.vgpuprofile"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        :loading="vgpuProfileLoading"
+        :placeholder="$t('label.vgpu.profile')">
+        <a-select-option v-for="(vgpu, vgpuIndex) in vgpuProfiles" :key="vgpuIndex" :value="vgpu.id" :label="vgpu.vgpuprofile || ''">{{ vgpu.name }} {{ getVgpuProfileDetails(vgpu) }}</a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-row :gutter="12" v-if="!isSystem && form.gpucardid">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="gpucount" ref="gpucount">
+          <template #label>
+            <tooltip-label :title="$t('label.gpu.count')" :tooltip="apiParams.gpucount.description"/>
+          </template>
+          <a-input v-model:value="form.gpucount" type="number" min="1" max="16" :placeholder="$t('label.gpu.count')"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="gpudisplay" ref="gpudisplay">
+          <template #label>
+            <tooltip-label :title="$t('label.gpu.display')" :tooltip="apiParams.gpudisplay.description"/>
+          </template>
+          <a-switch v-model:checked="form.gpudisplay" />
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-show="isAdmin()">
+      <a-switch v-model:checked="form.ispublic" />
+    </a-form-item>
+
+    <a-form-item name="domainid" ref="domainid" v-if="!form.ispublic">
+      <template #label>
+        <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
+      </template>
+      <a-select
+        mode="multiple"
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.domainid"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        :loading="domainLoading"
+        :placeholder="apiParams.domainid.description">
+        <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
+          <span>
+            <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+            <block-outlined v-else style="margin-right: 5px" />
+            {{ opt.path || opt.name || opt.description }}
+          </span>
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-form-item name="zoneid" ref="zoneid" v-if="!isSystem">
+      <template #label>
+        <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
+      </template>
+      <a-select
+        id="zone-selection"
+        mode="multiple"
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.zoneid"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+        @select="val => fetchvSphereStoragePolicies(val)"
+        :loading="zoneLoading"
+        :placeholder="apiParams.zoneid.description">
+        <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
+          <span>
+            <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+            <global-outlined v-else style="margin-right: 5px"/>
+            {{ opt.name || opt.description }}
+          </span>
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-form-item name="storagepolicy" ref="storagepolicy" v-if="'listVsphereStoragePolicies' in $store.getters.apis && storagePolicies !== null">
+      <template #label>
+        <tooltip-label :title="$t('label.vmware.storage.policy')" :tooltip="apiParams.storagepolicy.description"/>
+      </template>
+      <a-select
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.storagepolicy"
+        :placeholder="apiParams.storagepolicy.description"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => { return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0 }">
+        <a-select-option v-for="policy in storagePolicies" :key="policy.id" :label="policy.name || policy.id || ''">{{ policy.name || policy.id }}</a-select-option>
+      </a-select>
+    </a-form-item>
+
+    <a-form-item name="purgeresources" ref="purgeresources">
+      <template #label>
+        <tooltip-label :title="$t('label.purgeresources')" :tooltip="apiParams.purgeresources.description"/>
+      </template>
+      <a-switch v-model:checked="form.purgeresources"/>
+    </a-form-item>
+
+    <a-form-item name="showLeaseOptions" ref="showLeaseOptions" v-if="isLeaseFeatureEnabled">
+      <template #label>
+        <tooltip-label :title="$t('label.lease.enable')" :tooltip="$t('label.lease.enable.tooltip')" />
+      </template>
+      <a-switch v-model:checked="showLeaseOptions" @change="onToggleLeaseData"/>
+    </a-form-item>
+
+    <a-row :gutter="12" v-if="isLeaseFeatureEnabled && showLeaseOptions">
+      <a-col :md="12" :lg="12">
+        <a-form-item name="leaseduration" ref="leaseduration">
+          <template #label>
+            <tooltip-label :title="$t('label.leaseduration')"/>
+          </template>
+          <a-input v-model:value="form.leaseduration" :placeholder="$t('label.instance.lease.placeholder')"/>
+        </a-form-item>
+      </a-col>
+      <a-col :md="12" :lg="12">
+        <a-form-item name="leaseexpiryaction" ref="leaseexpiryaction" v-if="form.leaseduration > 0">
+          <template #label>
+            <tooltip-label :title="$t('label.leaseexpiryaction')" />
+          </template>
+          <a-select v-model:value="form.leaseexpiryaction" :defaultValue="expiryActions">
+            <a-select-option v-for="action in expiryActions" :key="action" :label="action"/>
+          </a-select>
+        </a-form-item>
+      </a-col>
+    </a-row>
+
+    <a-form-item name="computeonly" ref="computeonly">
+      <template #label>
+        <tooltip-label :title="$t('label.computeonly.offering')" :tooltip="$t('label.computeonly.offering.tooltip')"/>
+      </template>
+      <a-switch v-model:checked="form.computeonly" :checked="computeonly" @change="val => { computeonly = val }"/>
+    </a-form-item>
+
+    <a-card style="margin-bottom: 10px;">
+      <span v-if="computeonly">
+        <a-form-item name="storagetype" ref="storagetype">
+          <template #label>
+            <tooltip-label :title="$t('label.storagetype')" :tooltip="apiParams.storagetype.description"/>
+          </template>
+          <a-radio-group v-model:value="form.storagetype" buttonStyle="solid" @change="selected => { handleStorageTypeChange(selected.target.value) }">
+            <a-radio-button value="shared">{{ $t('label.shared') }}</a-radio-button>
+            <a-radio-button value="local">{{ $t('label.local') }}</a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="provisioningtype" ref="provisioningtype">
+          <template #label>
+            <tooltip-label :title="$t('label.provisioningtype')" :tooltip="apiParams.provisioningtype.description"/>
+          </template>
+          <a-radio-group v-model:value="form.provisioningtype" buttonStyle="solid" @change="selected => { handleProvisioningTypeChange(selected.target.value) }">
+            <a-radio-button value="thin">{{ $t('label.provisioningtype.thin') }}</a-radio-button>
+            <a-radio-button value="sparse">{{ $t('label.provisioningtype.sparse') }}</a-radio-button>
+            <a-radio-button value="fat">{{ $t('label.provisioningtype.fat') }}</a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="cachemode" ref="cachemode">
+          <template #label>
+            <tooltip-label :title="$t('label.cachemode')" :tooltip="apiParams.cachemode.description"/>
+          </template>
+          <a-radio-group v-model:value="form.cachemode" buttonStyle="solid" @change="selected => { handleCacheModeChange(selected.target.value) }">
+            <a-radio-button value="none">{{ $t('label.nodiskcache') }}</a-radio-button>
+            <a-radio-button value="writeback">{{ $t('label.writeback') }}</a-radio-button>
+            <a-radio-button value="writethrough">{{ $t('label.writethrough') }}</a-radio-button>
+            <a-radio-button value="hypervisor_default">{{ $t('label.hypervisor.default') }}</a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item :label="$t('label.qostype')" name="qostype" ref="qostype">
+          <a-radio-group v-model:value="form.qostype" buttonStyle="solid" @change="selected => { handleQosTypeChange(selected.target.value) }">
+            <a-radio-button value="">{{ $t('label.none') }}</a-radio-button>
+            <a-radio-button value="hypervisor">{{ $t('label.hypervisor') }}</a-radio-button>
+            <a-radio-button value="storage">{{ $t('label.storage') }}</a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+
+        <a-row :gutter="12" v-if="qosType === 'hypervisor'">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskbytesreadrate" ref="diskbytesreadrate">
+              <template #label>
+                <tooltip-label :title="$t('label.diskbytesreadrate')" :tooltip="apiParams.bytesreadrate.description"/>
+              </template>
+              <a-input v-model:value="form.diskbytesreadrate" :placeholder="apiParams.bytesreadrate.description"/>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskbyteswriterate" ref="diskbyteswriterate">
+              <template #label>
+                <tooltip-label :title="$t('label.diskbyteswriterate')" :tooltip="apiParams.byteswriterate.description"/>
+              </template>
+              <a-input v-model:value="form.diskbyteswriterate" :placeholder="apiParams.byteswriterate.description"/>
+            </a-form-item>
+          </a-col>
+        </a-row>
+
+        <a-row :gutter="12" v-if="qosType === 'hypervisor'">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskiopsreadrate" ref="diskiopsreadrate">
+              <template #label>
+                <tooltip-label :title="$t('label.diskiopsreadrate')" :tooltip="apiParams.iopsreadrate.description"/>
+              </template>
+              <a-input v-model:value="form.diskiopsreadrate" :placeholder="apiParams.iopsreadrate.description"/>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskiopswriterate" ref="diskiopswriterate">
+              <template #label>
+                <tooltip-label :title="$t('label.diskiopswriterate')" :tooltip="apiParams.iopswriterate.description"/>
+              </template>
+              <a-input v-model:value="form.diskiopswriterate" :placeholder="apiParams.iopswriterate.description"/>
+            </a-form-item>
+          </a-col>
+        </a-row>
+
+        <a-form-item v-if="!isSystem && qosType === 'storage'" name="iscustomizeddiskiops" ref="iscustomizeddiskiops">
+          <template #label>
+            <tooltip-label :title="$t('label.iscustomizeddiskiops')" :tooltip="apiParams.customizediops.description"/>
+          </template>
+          <a-switch v-model:checked="form.iscustomizeddiskiops" :checked="isCustomizedDiskIops" @change="val => { isCustomizedDiskIops = val }" />
+        </a-form-item>
+
+        <a-row :gutter="12" v-if="qosType === 'storage' && !isCustomizedDiskIops">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskiopsmin" ref="diskiopsmin">
+              <template #label>
+                <tooltip-label :title="$t('label.diskiopsmin')" :tooltip="apiParams.miniops.description"/>
+              </template>
+              <a-input v-model:value="form.diskiopsmin" :placeholder="apiParams.miniops.description"/>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="diskiopsmax" ref="diskiopsmax">
+              <template #label>
+                <tooltip-label :title="$t('label.diskiopsmax')" :tooltip="apiParams.maxiops.description"/>
+              </template>
+              <a-input v-model:value="form.diskiopsmax" :placeholder="apiParams.maxiops.description"/>
+            </a-form-item>
+          </a-col>
+        </a-row>
+
+        <a-form-item v-if="!isSystem && qosType === 'storage'" name="hypervisorsnapshotreserve" ref="hypervisorsnapshotreserve">
+          <template #label>
+            <tooltip-label :title="$t('label.hypervisorsnapshotreserve')" :tooltip="apiParams.hypervisorsnapshotreserve.description"/>
+          </template>
+          <a-input v-model:value="form.hypervisorsnapshotreserve" :placeholder="apiParams.hypervisorsnapshotreserve.description"/>
+        </a-form-item>
+
+        <a-row :gutter="12">
+          <a-col :md="12" :lg="12">
+            <a-form-item v-if="apiParams.rootdisksize" name="rootdisksize" ref="rootdisksize">
+              <template #label>
+                <tooltip-label :title="$t('label.root.disk.size')" :tooltip="apiParams.rootdisksize.description"/>
+              </template>
+              <a-input v-model:value="form.rootdisksize" :placeholder="apiParams.rootdisksize.description"/>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="storagetags" ref="storagetags">
+              <template #label>
+                <tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
+              </template>
+              <a-select
+                mode="tags"
+                :getPopupContainer="(trigger) => trigger.parentNode"
+                v-model:value="form.storagetags"
+                showSearch
+                optionFilterProp="value"
+                :filterOption="(input, option) => { return option.value.toLowerCase().indexOf(input.toLowerCase()) >= 0 }"
+                :loading="storageTagLoading"
+                :placeholder="apiParams.tags.description"
+                v-if="isAdmin() || isDomainAdminAllowedToInformTags">
+                <a-select-option v-for="opt in storageTags" :key="opt">{{ opt }}</a-select-option>
+              </a-select>
+            </a-form-item>
+          </a-col>
+        </a-row>
+
+        <a-form-item name="encryptdisk" ref="encryptdisk">
+          <template #label>
+            <tooltip-label :title="$t('label.encrypt')" :tooltip="apiParams.encryptroot.description" />
+          </template>
+          <a-switch v-model:checked="form.encryptdisk" :checked="encryptdisk" @change="val => { encryptdisk = val }" />
+        </a-form-item>
+      </span>
+      <span v-if="!computeonly">
+        <a-form-item>
+          <a-button type="primary" @click="addDiskOffering()"> {{ $t('label.add.disk.offering') }} </a-button>
+          <a-modal
+            :visible="showDiskOfferingModal"
+            :title="$t('label.add.disk.offering')"
+            :footer="null"
+            centered
+            :closable="true"
+            @cancel="closeDiskOfferingModal"
+            width="auto">
+            <add-disk-offering @close-action="closeDiskOfferingModal()" @publish-disk-offering-id="($event) => updateSelectedDiskOffering($event)"/>
+          </a-modal>
+          <br /><br />
+          <a-form-item :label="$t('label.disk.offerings')" name="diskofferingid" ref="diskofferingid">
+            <a-select :getPopupContainer="(trigger) => trigger.parentNode" v-model:value="form.diskofferingid" :loading="loading" :placeholder="$t('label.diskoffering')">
+              <a-select-option v-for="(offering, index) in diskOfferings" :value="offering.id" :key="index">{{ offering.displaytext || offering.name }}</a-select-option>
+            </a-select>
+          </a-form-item>
+        </a-form-item>
+      </span>
+      <a-form-item name="diskofferingstrictness" ref="diskofferingstrictness">
+        <template #label>
+          <tooltip-label :title="$t('label.diskofferingstrictness')" :tooltip="apiParams.diskofferingstrictness.description"/>
+        </template>
+        <a-switch v-model:checked="form.diskofferingstrictness" :checked="diskofferingstrictness" @change="val => { diskofferingstrictness = val }"/>
+      </a-form-item>
+    </a-card>
+
+    <a-form-item name="externaldetails" ref="externaldetails">
+      <template #label>
+        <tooltip-label :title="$t('label.externaldetails')" :tooltip="apiParams.externaldetails.description"/>
+      </template>
+      <a-switch v-model:checked="externalDetailsEnabled" @change="onExternalDetailsEnabledChange"/>
+      <a-card v-if="externalDetailsEnabled" style="margin-top: 10px">
+        <div style="margin-bottom: 10px">{{ $t('message.add.orchestrator.resource.details') }}</div>
+        <details-input v-model:value="form.externaldetails" />
+      </a-card>
+    </a-form-item>
+
+    <slot name="form-actions"></slot>
+  </a-form>
+</template>
+
+<script>
+import { reactive, toRaw } from 'vue'
+import { getAPI } from '@/api'
+import AddDiskOffering from '@/views/offering/AddDiskOffering'
+import { isAdmin } from '@/role'
+import { mixinForm } from '@/utils/mixin'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import DetailsInput from '@/components/widgets/DetailsInput'
+import store from '@/store'
+
+export default {
+  name: 'ComputeOfferingForm',
+  mixins: [mixinForm],
+  components: {
+    AddDiskOffering,
+    ResourceIcon,
+    TooltipLabel,
+    DetailsInput
+  },
+  props: {
+    initialValues: {
+      type: Object,
+      default: () => ({})
+    },
+    apiParams: {
+      type: Object,
+      default: () => ({})
+    },
+    isSystem: {
+      type: Boolean,
+      default: false
+    },
+    isAdmin: {
+      type: Function,
+      default: () => false
+    }
+  },
+  data () {
+    return {
+      internalFormRef: null,
+      form: reactive(Object.assign({
+        systemvmtype: 'domainrouter',
+        offeringtype: 'fixed',
+        ispublic: true,
+        dynamicscalingenabled: true,
+        plannermode: '',
+        gpucardid: '',
+        vgpuprofile: '',
+        gpucount: '1',
+        gpudisplay: false,
+        computeonly: true,
+        storagetype: 'shared',
+        provisioningtype: 'thin',
+        cachemode: 'none',
+        qostype: '',
+        iscustomizeddiskiops: false,
+        diskofferingid: null,
+        diskofferingstrictness: false,
+        encryptdisk: false,
+        leaseduration: undefined,
+        leaseexpiryaction: undefined
+      }, this.initialValues || {})),
+      rules: reactive({}),
+      // other UI state copied
+      storageType: 'shared',
+      provisioningType: 'thin',
+      cacheMode: 'none',
+      offeringType: 'fixed',
+      isCustomizedDiskIops: false,
+      isPublic: true,
+      domains: [],
+      domainLoading: false,
+      zones: [],
+      zoneLoading: false,
+      selectedDeploymentPlanner: null,
+      storagePolicies: null,
+      storageTags: [],
+      storageTagLoading: false,
+      deploymentPlanners: [],
+      deploymentPlannerLoading: false,
+      plannerModeVisible: false,
+      plannerMode: '',
+      selectedGpuCard: '',
+      showDiskOfferingModal: false,
+      gpuCardLoading: false,
+      gpuCards: [],
+      loading: false,
+      dynamicscalingenabled: true,
+      diskofferingstrictness: false,
+      encryptdisk: false,
+      computeonly: true,
+      diskOfferingLoading: false,
+      diskOfferings: [],
+      selectedDiskOfferingId: '',
+      qosType: '',
+      isDomainAdminAllowedToInformTags: false,
+      isLeaseFeatureEnabled: this.$store.getters.features.instanceleaseenabled,
+      showLeaseOptions: false,
+      expiryActions: ['STOP', 'DESTROY'],
+      defaultLeaseDuration: 90,
+      defaultLeaseExpiryAction: 'STOP',
+      leaseduration: undefined,
+      leaseexpiryaction: undefined,
+      vgpuProfiles: [],
+      vgpuProfileLoading: false,
+      externalDetailsEnabled: false
+    }
+  },
+  created () {
+    this.zones = [{ id: null, name: this.$t('label.all.zone') }]
+    this.initForm()
+    this.fetchData()
+    this.isPublic = isAdmin()
+    this.form.ispublic = this.isPublic
+  },
+  methods: {
+    initForm () {
+      this.formRef = this.$refs.internalFormRef
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.required.input') }]
+      })
+    },
+    fetchData () {
+      this.fetchDomainData()
+      this.fetchZoneData()
+      this.fetchGPUCards()
+      if (isAdmin()) {
+        this.fetchStorageTagData()
+        this.fetchDeploymentPlannerData()
+      } else if (this.isDomainAdmin()) {
+        this.checkIfDomainAdminIsAllowedToInformTag()
+        if (this.isDomainAdminAllowedToInformTags) {
+          this.fetchStorageTagData()
+        }
+      }
+      this.fetchDiskOfferings()
+    },
+    fetchGPUCards () {
+      this.gpuCardLoading = true
+      getAPI('listGpuCards', {
+      }).then(json => {
+        this.gpuCards = json.listgpucardsresponse.gpucard || []
+        this.gpuCards.unshift({ id: '', name: this.$t('label.none') })
+      }).finally(() => {
+        this.gpuCardLoading = false
+      })
+    },
+    addDiskOffering () { this.showDiskOfferingModal = true },
+    fetchDiskOfferings () {
+      this.diskOfferingLoading = true
+      getAPI('listDiskOfferings', { listall: true }).then(json => {
+        this.diskOfferings = json.listdiskofferingsresponse.diskoffering || []
+        if (this.selectedDiskOfferingId === '') {
+          this.selectedDiskOfferingId = this.diskOfferings[0]?.id || ''
+        }
+      }).finally(() => { this.diskOfferingLoading = false })
+    },
+    updateSelectedDiskOffering (id) { if (id) this.selectedDiskOfferingId = id },
+    closeDiskOfferingModal () { this.fetchDiskOfferings(); this.showDiskOfferingModal = false },
+    isDomainAdmin () {
+      return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+    },
+    getVgpuProfileDetails (vgpuProfile) {
+      let output = '('
+      if (vgpuProfile?.videoram) output += `${vgpuProfile.videoram} MB`
+      if (vgpuProfile?.maxresolutionx && vgpuProfile?.maxresolutiony) {
+        if (output !== '(') output += ', '
+        output += `${vgpuProfile.maxresolutionx}x${vgpuProfile.maxresolutiony}`
+      }
+      output += ')'
+      return output === '()' ? '' : output
+    },
+    checkIfDomainAdminIsAllowedToInformTag () {
+      const params = { id: store.getters.userInfo.accountid }
+      getAPI('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
+        this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
+      })
+    },
+    arrayHasItems (array) { return array !== null && array !== undefined && Array.isArray(array) && array.length > 0 },
+    fetchDomainData () {
+      const params = { listAll: true, showicon: true, details: 'min' }
+      this.domainLoading = true
+      getAPI('listDomains', params).then(json => {
+        const listDomains = json.listdomainsresponse.domain
+        this.domains = this.domains.concat(listDomains)
+      }).finally(() => { this.domainLoading = false })
+    },
+    fetchZoneData () {
+      const params = { showicon: true }
+      this.zoneLoading = true
+      getAPI('listZones', params).then(json => {
+        const listZones = json.listzonesresponse.zone
+        if (listZones) this.zones = this.zones.concat(listZones)
+      }).finally(() => { this.zoneLoading = false })
+    },
+    fetchStorageTagData () {
+      this.storageTagLoading = true
+      this.storageTags = []
+      getAPI('listStorageTags').then(json => {
+        const tags = json.liststoragetagsresponse.storagetag || []
+        for (const tag of tags) if (!this.storageTags.includes(tag.name)) this.storageTags.push(tag.name)
+      }).finally(() => { this.storageTagLoading = false })
+    },
+    fetchDeploymentPlannerData () {
+      this.deploymentPlannerLoading = true
+      getAPI('listDeploymentPlanners').then(json => {
+        const planners = json.listdeploymentplannersresponse.deploymentPlanner
+        this.deploymentPlanners = this.deploymentPlanners.concat(planners)
+        this.deploymentPlanners.unshift({ name: '' })
+        this.form.deploymentplanner = this.deploymentPlanners.length > 0 ? this.deploymentPlanners[0].name : ''
+      }).finally(() => { this.deploymentPlannerLoading = false })
+    },
+    fetchvSphereStoragePolicies (zoneIndex) {
+      if (zoneIndex === 0 || this.form.zoneid.length > 1) { this.storagePolicies = null; return }
+      const zoneid = this.zones[zoneIndex].id
+      if ('importVsphereStoragePolicies' in this.$store.getters.apis) {
+        this.storagePolicies = []
+        getAPI('listVsphereStoragePolicies', { zoneid }).then(response => { this.storagePolicies = response.listvspherestoragepoliciesresponse.StoragePolicy || [] })
+      }
+    },
+    handleStorageTypeChange (val) { this.storageType = val },
+    handleProvisioningTypeChange (val) { this.provisioningType = val },
+    handleCacheModeChange (val) { this.cacheMode = val },
+    handleComputeOfferingTypeChange (val) { this.offeringType = val },
+    handleQosTypeChange (val) { this.qosType = val },
+    handleDeploymentPlannerChange (planner) { this.selectedDeploymentPlanner = planner; this.plannerModeVisible = false; if (this.selectedDeploymentPlanner === 'ImplicitDedicationPlanner') this.plannerModeVisible = isAdmin() },
+    handleGpuCardChange (cardId) { this.selectedGpuCard = cardId; this.form.vgpuprofile = ''; if (cardId && cardId !== '') this.fetchVgpuProfiles(cardId); else { this.vgpuProfiles = []; this.form.gpucount = '1' } },
+    fetchVgpuProfiles (gpuCardId) { this.vgpuProfileLoading = true; this.vgpuProfiles = []; getAPI('listVgpuProfiles', { gpucardid: gpuCardId }).then(json => { this.vgpuProfiles = json.listvgpuprofilesresponse.vgpuprofile || []; this.form.vgpuprofile = this.vgpuProfiles.length > 0 ? this.vgpuProfiles[0].id : '' }).catch(() => { this.vgpuProfiles = [] }).finally(() => { this.vgpuProfileLoading = false }) },
+    onExternalDetailsEnabledChange (val) { if (val || !this.form.externaldetails) return; this.form.externaldetails = undefined },
+    onToggleLeaseData () { if (this.showLeaseOptions === false) { this.leaseduration = undefined; this.leaseexpiryaction = undefined } else { this.leaseduration = this.leaseduration !== undefined ? this.leaseduration : this.defaultLeaseDuration; this.leaseexpiryaction = this.leaseexpiryaction !== undefined ? this.leaseexpiryaction : this.defaultLeaseExpiryAction } this.form.leaseduration = this.leaseduration; this.form.leaseexpiryaction = this.leaseexpiryaction },
+
+    validate () {
+      return this.$refs.internalFormRef.validate().then(() => {
+        const formRaw = toRaw(this.form)
+        const values = this.handleRemoveFields(formRaw)
+        return values
+      })
+    },
+    onInternalSubmit (e) {
+      // When internal form triggers submit, validate and emit
+      this.validate().then(values => this.$emit('submit', values))
+    }
+  }
+}
+</script>
+
+<style scoped>
+</style>
diff --git a/ui/src/components/offering/DiskOfferingForm.vue b/ui/src/components/offering/DiskOfferingForm.vue
new file mode 100644
index 000000000000..f3f39647fefa
--- /dev/null
+++ b/ui/src/components/offering/DiskOfferingForm.vue
@@ -0,0 +1,507 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <a-form
+    ref="internalFormRef"
+    :model="form"
+    :rules="rules"
+    @finish="onInternalSubmit"
+    layout="vertical">
+    <a-form-item name="name" ref="name">
+      <template #label>
+        <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+      </template>
+      <a-input
+        v-focus="true"
+        v-model:value="form.name"
+        :placeholder="apiParams.name.description"/>
+    </a-form-item>
+    <a-form-item name="displaytext" ref="displaytext">
+      <template #label>
+        <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
+      </template>
+      <a-input
+        v-model:value="form.displaytext"
+        :placeholder="apiParams.displaytext.description"/>
+    </a-form-item>
+    <a-form-item name="storagetype" ref="storagetype">
+      <template #label>
+        <tooltip-label :title="$t('label.storagetype')" :tooltip="apiParams.storagetype.description"/>
+      </template>
+      <a-radio-group
+        v-model:value="form.storagetype"
+        buttonStyle="solid">
+        <a-radio-button value="shared">
+          {{ $t('label.shared') }}
+        </a-radio-button>
+        <a-radio-button value="local">
+          {{ $t('label.local') }}
+        </a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+    <a-form-item name="provisioningtype" ref="provisioningtype">
+      <template #label>
+        <tooltip-label :title="$t('label.provisioningtype')" :tooltip="apiParams.provisioningtype.description"/>
+      </template>
+      <a-radio-group
+        v-model:value="form.provisioningtype"
+        buttonStyle="solid">
+        <a-radio-button value="thin">
+          {{ $t('label.provisioningtype.thin') }}
+        </a-radio-button>
+        <a-radio-button value="sparse">
+          {{ $t('label.provisioningtype.sparse') }}
+        </a-radio-button>
+        <a-radio-button value="fat">
+          {{ $t('label.provisioningtype.fat') }}
+        </a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+    <a-form-item name="encryptdisk" ref="encryptdisk">
+      <template #label>
+        <tooltip-label :title="$t('label.encrypt')" :tooltip="apiParams.encrypt.description" />
+      </template>
+      <a-switch v-model:checked="form.encryptdisk" :checked="encryptdisk" @change="val => { encryptdisk = val }" />
+    </a-form-item>
+    <a-form-item name="disksizestrictness" ref="disksizestrictness">
+      <template #label>
+        <tooltip-label :title="$t('label.disksizestrictness')" :tooltip="apiParams.disksizestrictness.description" />
+      </template>
+      <a-switch v-model:checked="form.disksizestrictness" :checked="disksizestrictness" @change="val => { disksizestrictness = val }" />
+    </a-form-item>
+    <a-form-item name="customdisksize" ref="customdisksize">
+      <template #label>
+        <tooltip-label :title="$t('label.customdisksize')" :tooltip="apiParams.customized.description"/>
+      </template>
+      <a-switch v-model:checked="form.customdisksize" />
+    </a-form-item>
+    <a-form-item v-if="!form.customdisksize" name="disksize" ref="disksize">
+      <template #label>
+        <tooltip-label :title="$t('label.disksize')" :tooltip="apiParams.disksize.description"/>
+      </template>
+      <a-input
+        v-model:value="form.disksize"
+        :placeholder="apiParams.disksize.description"/>
+    </a-form-item>
+    <a-form-item name="qostype" ref="qostype" :label="$t('label.qostype')">
+      <a-radio-group
+        v-model:value="form.qostype"
+        buttonStyle="solid">
+        <a-radio-button value="">
+          {{ $t('label.none') }}
+        </a-radio-button>
+        <a-radio-button value="hypervisor">
+          {{ $t('label.hypervisor') }}
+        </a-radio-button>
+        <a-radio-button value="storage">
+          {{ $t('label.storage') }}
+        </a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbytesreadrate" ref="diskbytesreadrate">
+      <template #label>
+        <tooltip-label :title="$t('label.diskbytesreadrate')" :tooltip="apiParams.bytesreadrate.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskbytesreadrate"
+        :placeholder="apiParams.bytesreadrate.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbytesreadratemax" ref="diskbytesreadratemax">
+      <template #label>
+        <tooltip-label :title="$t('label.diskbytesreadratemax')" :tooltip="apiParams.bytesreadratemax.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskbytesreadratemax"
+        :placeholder="apiParams.bytesreadratemax.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbyteswriterate" ref="diskbyteswriterate">
+      <template #label>
+        <tooltip-label :title="$t('label.diskbyteswriterate')" :tooltip="apiParams.byteswriterate.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskbyteswriterate"
+        :placeholder="apiParams.byteswriterate.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbyteswriteratemax" ref="diskbyteswriteratemax">
+      <template #label>
+        <tooltip-label :title="$t('label.diskbyteswriteratemax')" :tooltip="apiParams.byteswriteratemax.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskbyteswriteratemax"
+        :placeholder="apiParams.byteswriteratemax.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskiopsreadrate" ref="diskiopsreadrate">
+      <template #label>
+        <tooltip-label :title="$t('label.diskiopsreadrate')" :tooltip="apiParams.iopsreadrate.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskiopsreadrate"
+        :placeholder="apiParams.iopsreadrate.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'hypervisor'" name="diskiopswriterate" ref="diskiopswriterate">
+      <template #label>
+        <tooltip-label :title="$t('label.diskiopswriterate')" :tooltip="apiParams.iopswriterate.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskiopswriterate"
+        :placeholder="apiParams.iopswriterate.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'storage'" name="iscustomizeddiskiops" ref="iscustomizeddiskiops">
+      <template #label>
+        <tooltip-label :title="$t('label.iscustomizeddiskiops')" :tooltip="apiParams.customizediops.description"/>
+      </template>
+      <a-switch v-model:checked="form.iscustomizeddiskiops" />
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'storage' && !form.iscustomizeddiskiops" name="diskiopsmin" ref="diskiopsmin">
+      <template #label>
+        <tooltip-label :title="$t('label.diskiopsmin')" :tooltip="apiParams.miniops.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskiopsmin"
+        :placeholder="apiParams.miniops.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'storage' && !form.iscustomizeddiskiops" name="diskiopsmax" ref="diskiopsmax">
+      <template #label>
+        <tooltip-label :title="$t('label.diskiopsmax')" :tooltip="apiParams.maxiops.description"/>
+      </template>
+      <a-input
+        v-model:value="form.diskiopsmax"
+        :placeholder="apiParams.maxiops.description"/>
+    </a-form-item>
+    <a-form-item v-if="form.qostype === 'storage'" name="hypervisorsnapshotreserve" ref="hypervisorsnapshotreserve">
+      <template #label>
+        <tooltip-label :title="$t('label.hypervisorsnapshotreserve')" :tooltip="apiParams.hypervisorsnapshotreserve.description"/>
+      </template>
+      <a-input
+        v-model:value="form.hypervisorsnapshotreserve"
+        :placeholder="apiParams.hypervisorsnapshotreserve.description"/>
+    </a-form-item>
+    <a-form-item name="writecachetype" ref="writecachetype">
+      <template #label>
+        <tooltip-label :title="$t('label.writecachetype')" :tooltip="apiParams.cachemode.description"/>
+      </template>
+      <a-radio-group
+        v-model:value="form.writecachetype"
+        buttonStyle="solid"
+        @change="selected => { handleWriteCacheTypeChange(selected.target.value) }">
+        <a-radio-button value="none">
+          {{ $t('label.nodiskcache') }}
+        </a-radio-button>
+        <a-radio-button value="writeback">
+          {{ $t('label.writeback') }}
+        </a-radio-button>
+        <a-radio-button value="writethrough">
+          {{ $t('label.writethrough') }}
+        </a-radio-button>
+        <a-radio-button value="hypervisor_default">
+          {{ $t('label.hypervisor.default') }}
+        </a-radio-button>
+      </a-radio-group>
+    </a-form-item>
+    <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="tags" ref="tags">
+      <template #label>
+        <tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
+      </template>
+      <a-select
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        mode="tags"
+        v-model:value="form.tags"
+        showSearch
+        optionFilterProp="value"
+        :filterOption="(input, option) => {
+          return option.value.toLowerCase().indexOf(input.toLowerCase()) >= 0
+        }"
+        :loading="storageTagLoading"
+        :placeholder="apiParams.tags.description"
+        v-if="isAdmin() || isDomainAdminAllowedToInformTags">
+        <a-select-option v-for="(opt) in storageTags" :key="opt">
+          {{ opt }}
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+    <a-form-item :label="$t('label.ispublic')" v-show="isAdmin()" name="ispublic" ref="ispublic">
+      <a-switch v-model:checked="form.ispublic" @change="val => { isPublic = val }" />
+    </a-form-item>
+    <a-form-item v-if="!isPublic" name="domainid" ref="domainid">
+      <template #label>
+        <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
+      </template>
+      <a-select
+        mode="multiple"
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.domainid"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => {
+          return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+        }"
+        :loading="domainLoading"
+        :placeholder="apiParams.domainid.description">
+        <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
+          <span>
+            <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+            <block-outlined v-else style="margin-right: 5px" />
+            {{ opt.path || opt.name || opt.description }}
+          </span>
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+    <a-form-item name="zoneid" ref="zoneid">
+      <template #label>
+        <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
+      </template>
+      <a-select
+        id="zone-selection"
+        mode="multiple"
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.zoneid"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => {
+          return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+        }"
+        @select="val => fetchvSphereStoragePolicies(val)"
+        :loading="zoneLoading"
+        :placeholder="apiParams.zoneid.description">
+        <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
+          <span>
+            <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+            <global-outlined v-else style="margin-right: 5px"/>
+            {{ opt.name || opt.description }}
+          </span>
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+    <a-form-item v-if="'listVsphereStoragePolicies' in $store.getters.apis && storagePolicies !== null" name="storagepolicy" ref="storagepolicy">
+      <template #label>
+        <tooltip-label :title="$t('label.vmware.storage.policy')" :tooltip="apiParams.storagepolicy.description"/>
+      </template>
+      <a-select
+        :getPopupContainer="(trigger) => trigger.parentNode"
+        v-model:value="form.storagepolicy"
+        :placeholder="apiParams.storagepolicy.description"
+        showSearch
+        optionFilterProp="label"
+        :filterOption="(input, option) => {
+          return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+        }">
+        <a-select-option v-for="policy in storagePolicies" :key="policy.id" :label="policy.name || policy.id || ''">
+          {{ policy.name || policy.id }}
+        </a-select-option>
+      </a-select>
+    </a-form-item>
+    <slot name="form-actions"></slot>
+  </a-form>
+</template>
+
+<script>
+import { reactive, toRaw } from 'vue'
+import { getAPI } from '@/api'
+import { isAdmin } from '@/role'
+import { mixinForm } from '@/utils/mixin'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import store from '@/store'
+import { BlockOutlined, GlobalOutlined } from '@ant-design/icons-vue'
+
+export default {
+  name: 'DiskOfferingForm',
+  mixins: [mixinForm],
+  components: {
+    ResourceIcon,
+    TooltipLabel,
+    BlockOutlined,
+    GlobalOutlined
+  },
+  props: {
+    initialValues: {
+      type: Object,
+      default: () => ({})
+    },
+    apiParams: {
+      type: Object,
+      default: () => ({})
+    },
+    isAdmin: {
+      type: Function,
+      default: () => false
+    }
+  },
+  data () {
+    return {
+      internalFormRef: null,
+      form: reactive(Object.assign({
+        storagetype: 'shared',
+        provisioningtype: 'thin',
+        customdisksize: true,
+        writecachetype: 'none',
+        qostype: '',
+        ispublic: true,
+        disksizestrictness: false,
+        encryptdisk: false
+      }, this.initialValues || {})),
+      rules: reactive({}),
+      storageTags: [],
+      storagePolicies: null,
+      storageTagLoading: false,
+      isPublic: true,
+      domains: [],
+      domainLoading: false,
+      zones: [],
+      zoneLoading: false,
+      disksizestrictness: false,
+      encryptdisk: false,
+      isDomainAdminAllowedToInformTags: false
+    }
+  },
+  created () {
+    this.zones = [{ id: null, name: this.$t('label.all.zone') }]
+    this.initForm()
+    this.fetchData()
+    this.isPublic = isAdmin()
+    this.form.ispublic = this.isPublic
+  },
+  methods: {
+    initForm () {
+      this.formRef = this.$refs.internalFormRef
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.required.input') }],
+        disksize: [
+          { required: true, message: this.$t('message.error.required.input') },
+          { type: 'number', validator: this.validateNumber }
+        ],
+        diskbytesreadrate: [{ type: 'number', validator: this.validateNumber }],
+        diskbytesreadratemax: [{ type: 'number', validator: this.validateNumber }],
+        diskbyteswriterate: [{ type: 'number', validator: this.validateNumber }],
+        diskbyteswriteratemax: [{ type: 'number', validator: this.validateNumber }],
+        diskiopsreadrate: [{ type: 'number', validator: this.validateNumber }],
+        diskiopswriterate: [{ type: 'number', validator: this.validateNumber }],
+        diskiopsmin: [{ type: 'number', validator: this.validateNumber }],
+        diskiopsmax: [{ type: 'number', validator: this.validateNumber }],
+        hypervisorsnapshotreserve: [{ type: 'number', validator: this.validateNumber }],
+        domainid: [{ type: 'array', required: true, message: this.$t('message.error.select') }],
+        zoneid: [{
+          type: 'array',
+          validator: async (rule, value) => {
+            if (value && value.length > 1 && value.indexOf(0) !== -1) {
+              return Promise.reject(this.$t('message.error.zone.combined'))
+            }
+            return Promise.resolve()
+          }
+        }]
+      })
+    },
+    fetchData () {
+      this.fetchDomainData()
+      this.fetchZoneData()
+      if (isAdmin()) {
+        this.fetchStorageTagData()
+      }
+      if (this.isDomainAdmin()) {
+        this.checkIfDomainAdminIsAllowedToInformTag()
+        if (this.isDomainAdminAllowedToInformTags) {
+          this.fetchStorageTagData()
+        }
+      }
+    },
+    handleWriteCacheTypeChange (val) {
+      this.form.writecachetype = val
+    },
+    isDomainAdmin () {
+      return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+    },
+    checkIfDomainAdminIsAllowedToInformTag () {
+      const params = { id: store.getters.userInfo.accountid }
+      getAPI('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
+        this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
+      })
+    },
+    fetchDomainData () {
+      const params = {}
+      params.listAll = true
+      params.showicon = true
+      params.details = 'min'
+      this.domainLoading = true
+      getAPI('listDomains', params).then(json => {
+        const listDomains = json.listdomainsresponse.domain
+        this.domains = this.domains.concat(listDomains)
+      }).finally(() => {
+        this.domainLoading = false
+      })
+    },
+    fetchZoneData () {
+      const params = {}
+      params.showicon = true
+      this.zoneLoading = true
+      getAPI('listZones', params).then(json => {
+        const listZones = json.listzonesresponse.zone
+        if (listZones) {
+          this.zones = this.zones.concat(listZones)
+        }
+      }).finally(() => {
+        this.zoneLoading = false
+      })
+    },
+    fetchStorageTagData () {
+      const params = {}
+      this.storageTagLoading = true
+      getAPI('listStorageTags', params).then(json => {
+        const tags = json.liststoragetagsresponse.storagetag || []
+        for (const tag of tags) {
+          if (!this.storageTags.includes(tag.name)) {
+            this.storageTags.push(tag.name)
+          }
+        }
+      }).finally(() => {
+        this.storageTagLoading = false
+      })
+    },
+    fetchvSphereStoragePolicies (zoneIndex) {
+      if (zoneIndex === 0 || this.form.zoneid.length > 1) {
+        this.storagePolicies = null
+        return
+      }
+      const zoneid = this.zones[zoneIndex].id
+      if ('importVsphereStoragePolicies' in this.$store.getters.apis) {
+        this.storagePolicies = []
+        getAPI('listVsphereStoragePolicies', {
+          zoneid: zoneid
+        }).then(response => {
+          this.storagePolicies = response.listvspherestoragepoliciesresponse.StoragePolicy || []
+        })
+      }
+    },
+    validate () {
+      return this.$refs.internalFormRef.validate().then(() => {
+        const formRaw = toRaw(this.form)
+        const values = this.handleRemoveFields(formRaw)
+        return values
+      })
+    },
+    onInternalSubmit () {
+      this.$emit('submit')
+    },
+    async validateNumber (rule, value) {
+      if (value && (isNaN(value) || value <= 0)) {
+        return Promise.reject(this.$t('message.error.number'))
+      }
+      return Promise.resolve()
+    }
+  }
+}
+</script>
diff --git a/ui/src/composables/useServiceCapabilityParams.js b/ui/src/composables/useServiceCapabilityParams.js
new file mode 100644
index 000000000000..734f30ec3f4a
--- /dev/null
+++ b/ui/src/composables/useServiceCapabilityParams.js
@@ -0,0 +1,153 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+export function buildServiceCapabilityParams (params, values, selectedServiceProviderMap, registeredServicePackages) {
+  const supportedServices = Object.keys(selectedServiceProviderMap)
+  params.supportedservices = supportedServices.join(',')
+  for (const k in supportedServices) {
+    params[`serviceProviderList[${k}].service`] = supportedServices[k]
+    params[`serviceProviderList[${k}].provider`] = selectedServiceProviderMap[supportedServices[k]]
+  }
+  let serviceCapabilityIndex = 0
+  if (supportedServices.includes('Connectivity')) {
+    if (values.supportsstrechedl2subnet === true) {
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Connectivity'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RegionLevelVpc'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    if (values.supportspublicaccess === true) {
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Connectivity'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'DistributedRouter'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    delete params.supportsstrechedl2subnet
+    delete params.supportspublicaccess
+  }
+  // SourceNat capabilities
+  if (supportedServices.includes('SourceNat')) {
+    if (values.redundantroutercapability === true) {
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'SourceNat'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RedundantRouter'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'SourceNat'
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'SupportedSourceNatTypes'
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = values.sourcenattype
+    serviceCapabilityIndex++
+    delete params.redundantroutercapability
+    delete params.sourcenattype
+  } else if (values.redundantroutercapability === true) {
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Gateway'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RedundantRouter'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+    serviceCapabilityIndex++
+  }
+  // StaticNat capabilities
+  if (supportedServices.includes('SourceNat')) {
+    if (values.elasticip === true) {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'StaticNat'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'ElasticIp'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    if (values.elasticip === true || values.associatepublicip === true) {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'StaticNat'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'associatePublicIP'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = values.associatepublicip
+      serviceCapabilityIndex++
+    }
+    delete params.elasticip
+    delete params.associatepublicip
+  }
+  // Lb capabilities
+  if (supportedServices.includes('Lb')) {
+    if ('vmautoscalingcapability' in values) {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'lb'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'VmAutoScaling'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = values.vmautoscalingcapability
+      serviceCapabilityIndex++
+    }
+    if (values.elasticlb === true) {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'lb'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'ElasticLb'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    if (values.inlinemode === true && ((selectedServiceProviderMap.Lb === 'F5BigIp') || (selectedServiceProviderMap.Lb === 'Netscaler'))) {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'lb'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'InlineMode'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = values.inlinemode
+      serviceCapabilityIndex++
+    }
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'lb'
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'SupportedLbIsolation'
+    params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = values.isolation || 'dedicated'
+    serviceCapabilityIndex++
+    if (selectedServiceProviderMap.Lb === 'InternalLbVm') {
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].service`] = 'lb'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilitytype`] = 'lbSchemes'
+      params[`servicecapabilitylist[${serviceCapabilityIndex}].capabilityvalue`] = 'internal'
+      serviceCapabilityIndex++
+    }
+    if ('netscalerservicepackages' in values &&
+      registeredServicePackages.length > values.netscalerservicepackages &&
+      'netscalerservicepackagesdescription' in values) {
+      params['details[0].servicepackageuuid'] = registeredServicePackages[values.netscalerservicepackages].id
+      params['details[1].servicepackagedescription'] = values.netscalerservicepackagesdescription
+    }
+  }
+}
+
+/**
+ * Build the VPC service capability params for Add/Clone VPC Offering forms.
+ * Handles: RegionLevelVpc, DistributedRouter, RedundantRouter (SourceNat/Gateway)
+ */
+export function buildVpcServiceCapabilityParams (params, values, selectedServiceProviderMap, isVpcVirtualRouterForAtLeastOneService) {
+  const supportedServices = Object.keys(selectedServiceProviderMap)
+  let serviceCapabilityIndex = 0
+  if (supportedServices.includes('Connectivity')) {
+    if (values.regionlevelvpc === true) {
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Connectivity'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RegionLevelVpc'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+    if (values.distributedrouter === true) {
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Connectivity'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'DistributedRouter'
+      params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+      serviceCapabilityIndex++
+    }
+  }
+  if (supportedServices.includes('SourceNat') && values.redundantrouter === true) {
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'SourceNat'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RedundantRouter'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+    serviceCapabilityIndex++
+  } else if (values.redundantrouter === true) {
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].service`] = 'Gateway'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilitytype`] = 'RedundantRouter'
+    params[`serviceCapabilityList[${serviceCapabilityIndex}].capabilityvalue`] = true
+    serviceCapabilityIndex++
+  }
+  if (values.serviceofferingid && isVpcVirtualRouterForAtLeastOneService) {
+    params.serviceofferingid = values.serviceofferingid
+  }
+}
diff --git a/ui/src/config/section/compute.js b/ui/src/config/section/compute.js
index 32e888bb53dc..dd17116df02d 100644
--- a/ui/src/config/section/compute.js
+++ b/ui/src/config/section/compute.js
@@ -331,7 +331,7 @@ export default {
           docHelp: 'adminguide/virtual_machines.html#change-affinity-group-for-an-existing-vm',
           dataView: true,
           args: ['affinitygroupids'],
-          show: (record) => { return record.hypervisor !== 'External' && ['Stopped'].includes(record.state) && record.vmtype !== 'sharedfsvm' },
+          show: (record) => { return record.hypervisor !== 'External' && ['Stopped'].includes(record.state) && record.vmtype !== 'sharedfsvm' && record.vmtype !== 'cksnode' },
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ChangeAffinity'))),
           popup: true
         },
@@ -576,7 +576,7 @@ export default {
         const filters = ['cloud.managed', 'external.managed']
         return filters
       },
-      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'csienabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'etcdnodes', 'cpunumber', 'memory', 'keypair', 'cniconfigname', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
+      details: ['name', 'description', 'zonename', 'kubernetesversionname', 'autoscalingenabled', 'csienabled', 'minsize', 'maxsize', 'size', 'controlnodes', 'controlaffinitygroupnames', 'etcdnodes', 'etcdaffinitygroupnames', 'workeraffinitygroupnames', 'cpunumber', 'memory', 'keypair', 'cniconfigname', 'associatednetworkname', 'account', 'domain', 'zonename', 'clustertype', 'created'],
       tabs: [
         {
           name: 'k8s',
@@ -797,7 +797,7 @@ export default {
         },
         {
           api: 'scaleKubernetesCluster',
-          icon: 'swap-outlined',
+          icon: 'arrows-alt-outlined',
           label: 'label.kubernetes.cluster.scale',
           message: 'message.kubernetes.cluster.scale',
           docHelp: 'plugins/cloudstack-kubernetes-service.html#scaling-kubernetes-cluster',
@@ -806,6 +806,15 @@ export default {
           popup: true,
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ScaleKubernetesCluster.vue')))
         },
+        {
+          api: 'updateKubernetesClusterAffinityGroups',
+          icon: 'swap-outlined',
+          label: 'label.change.affinity',
+          dataView: true,
+          show: (record) => { return ['Stopped'].includes(record.state) && record.clustertype === 'CloudManaged' },
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ChangeKubernetesClusterAffinity.vue')))
+        },
         {
           api: 'upgradeKubernetesCluster',
           icon: 'plus-circle-outlined',
@@ -1325,12 +1334,8 @@ export default {
           label: 'label.add.affinity.group',
           docHelp: 'adminguide/virtual_machines.html#creating-a-new-affinity-group',
           listView: true,
-          args: ['name', 'description', 'type'],
-          mapping: {
-            type: {
-              options: ['host anti-affinity (Strict)', 'host affinity (Strict)', 'host anti-affinity (Non-Strict)', 'host affinity (Non-Strict)']
-            }
-          }
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/CreateAffinityGroup.vue')))
         },
         {
           api: 'deleteAffinityGroup',
diff --git a/ui/src/config/section/offering.js b/ui/src/config/section/offering.js
index bc95772d6f7a..9d7b743a70aa 100644
--- a/ui/src/config/section/offering.js
+++ b/ui/src/config/section/offering.js
@@ -143,6 +143,14 @@ export default {
         },
         show: (record) => { return record.state === 'Active' },
         groupMap: (selection) => { return selection.map(x => { return { id: x, state: 'Inactive' } }) }
+      }, {
+        api: 'cloneServiceOffering',
+        icon: 'copy-outlined',
+        label: 'label.clone.compute.offering',
+        docHelp: 'adminguide/service_offerings.html#creating-a-new-compute-offering',
+        dataView: true,
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneComputeOffering.vue')))
       }]
     },
     {
@@ -225,6 +233,15 @@ export default {
         },
         show: (record) => { return record.state === 'Active' },
         groupMap: (selection) => { return selection.map(x => { return { id: x, state: 'Inactive' } }) }
+      }, {
+        api: 'cloneServiceOffering',
+        icon: 'copy-outlined',
+        label: 'label.clone.system.service.offering',
+        docHelp: 'adminguide/service_offerings.html#creating-a-new-system-service-offering',
+        dataView: true,
+        params: { issystem: 'true' },
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneComputeOffering.vue')))
       }]
     },
     {
@@ -332,6 +349,14 @@ export default {
         },
         show: (record) => { return record.state === 'Active' },
         groupMap: (selection) => { return selection.map(x => { return { id: x, state: 'Inactive' } }) }
+      }, {
+        api: 'cloneDiskOffering',
+        icon: 'copy-outlined',
+        label: 'label.clone.disk.offering',
+        docHelp: 'adminguide/service_offerings.html#creating-a-new-disk-offering',
+        dataView: true,
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneDiskOffering.vue')))
       }]
     },
     {
@@ -376,6 +401,14 @@ export default {
         popup: true,
         groupMap: (selection) => { return selection.map(x => { return { id: x } }) },
         args: ['name', 'description', 'allowuserdrivenbackups']
+      }, {
+        api: 'cloneBackupOffering',
+        icon: 'copy-outlined',
+        label: 'label.clone.backup.offering',
+        docHelp: 'adminguide/virtual_machines.html#importing-backup-offerings',
+        dataView: true,
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneBackupOffering.vue')))
       }, {
         api: 'deleteBackupOffering',
         icon: 'delete-outlined',
@@ -487,6 +520,14 @@ export default {
         dataView: true,
         popup: true,
         component: shallowRef(defineAsyncComponent(() => import('@/views/offering/UpdateOfferingAccess.vue')))
+      }, {
+        api: 'cloneNetworkOffering',
+        icon: 'copy-outlined',
+        label: 'label.clone.network.offering',
+        docHelp: 'adminguide/networking.html#creating-a-new-network-offering',
+        dataView: true,
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneNetworkOffering.vue')))
       }, {
         api: 'deleteNetworkOffering',
         icon: 'delete-outlined',
@@ -508,7 +549,7 @@ export default {
       searchFilters: ['name', 'zoneid', 'domainid'],
       resourceType: 'VpcOffering',
       columns: ['name', 'state', 'displaytext', 'domain', 'zone', 'order'],
-      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'routingmode', 'specifyasnumber', 'service', 'fornsx', 'networkmode', 'domain', 'zone', 'created'],
+      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'routingmode', 'specifyasnumber', 'service', 'fornsx', 'networkmode', 'conservemode', 'domain', 'zone', 'created'],
       related: [{
         name: 'vpc',
         title: 'label.vpc',
@@ -579,6 +620,14 @@ export default {
         dataView: true,
         popup: true,
         component: shallowRef(defineAsyncComponent(() => import('@/views/offering/UpdateOfferingAccess.vue')))
+      }, {
+        api: 'cloneVPCOffering',
+        icon: 'copy-outlined',
+        docHelp: 'plugins/nuage-plugin.html?#optional-create-and-enable-vpc-offering',
+        label: 'label.clone.vpc.offering',
+        dataView: true,
+        popup: true,
+        component: shallowRef(defineAsyncComponent(() => import('@/views/offering/CloneVpcOffering.vue')))
       }, {
         api: 'deleteVPCOffering',
         icon: 'delete-outlined',
diff --git a/ui/src/views/compute/ChangeKubernetesClusterAffinity.vue b/ui/src/views/compute/ChangeKubernetesClusterAffinity.vue
new file mode 100644
index 000000000000..f06fa65d1703
--- /dev/null
+++ b/ui/src/views/compute/ChangeKubernetesClusterAffinity.vue
@@ -0,0 +1,200 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-form
+        :ref="formRef"
+        :model="form"
+        :rules="rules"
+        @finish="handleSubmit"
+        layout="vertical">
+        <a-form-item name="controlaffinitygroupids" ref="controlaffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.control.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.control.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="controlAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.control.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="workeraffinitygroupids" ref="workeraffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.worker.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.worker.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="workerAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.worker.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="resource.etcdnodes && resource.etcdnodes > 0" name="etcdaffinitygroupids" ref="etcdaffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.etcd.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="etcdAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.etcd.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <div :span="24" class="action-button">
+          <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+          <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+        </div>
+      </a-form>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import { ref, reactive } from 'vue'
+import { getAPI, postAPI } from '@/api'
+import { mixinForm } from '@/utils/mixin'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+
+export default {
+  name: 'ChangeKubernetesClusterAffinity',
+  mixins: [mixinForm],
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  components: {
+    TooltipLabel
+  },
+  inject: ['parentFetchData'],
+  data () {
+    return {
+      loading: false,
+      affinityGroups: [],
+      affinityGroupLoading: false,
+      controlAffinityGroups: [],
+      workerAffinityGroups: [],
+      etcdAffinityGroups: []
+    }
+  },
+  created () {
+    this.initForm()
+    this.fetchAffinityGroups()
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({})
+      this.rules = reactive({})
+    },
+    fetchAffinityGroups () {
+      this.affinityGroupLoading = true
+      const params = {
+        domainid: this.resource.domainid,
+        account: this.resource.account
+      }
+      getAPI('listAffinityGroups', params).then(json => {
+        const groups = json.listaffinitygroupsresponse.affinitygroup
+        if (groups && groups.length > 0) {
+          this.affinityGroups = groups.filter(group => group.type !== 'ExplicitDedication')
+        }
+        this.prePopulateSelections()
+      }).finally(() => {
+        this.affinityGroupLoading = false
+      })
+    },
+    prePopulateSelections () {
+      this.controlAffinityGroups = this.parseAffinityGroupIds(this.resource.controlaffinitygroupids)
+      this.workerAffinityGroups = this.parseAffinityGroupIds(this.resource.workeraffinitygroupids)
+      this.etcdAffinityGroups = this.parseAffinityGroupIds(this.resource.etcdaffinitygroupids)
+    },
+    parseAffinityGroupIds (idsCsv) {
+      if (!idsCsv) {
+        return []
+      }
+      return idsCsv.split(',').filter(id => id.trim() !== '')
+    },
+    handleSubmit (e) {
+      if (e) e.preventDefault()
+      if (this.loading) return
+      this.loading = true
+      const params = {
+        id: this.resource.id
+      }
+      let affinityIndex = 0
+      const addAffinityGroups = (nodeType, groups) => {
+        if (groups && groups.length > 0) {
+          params[`nodeaffinitygroups[${affinityIndex}].node`] = nodeType
+          params[`nodeaffinitygroups[${affinityIndex}].affinitygroup`] = groups.join(',')
+          affinityIndex++
+        }
+      }
+      addAffinityGroups('control', this.controlAffinityGroups)
+      addAffinityGroups('worker', this.workerAffinityGroups)
+      if (this.resource.etcdnodes && this.resource.etcdnodes > 0) {
+        addAffinityGroups('etcd', this.etcdAffinityGroups)
+      }
+      postAPI('updateKubernetesClusterAffinityGroups', params).then(json => {
+        this.$notification.success({
+          message: this.$t('message.success.change.affinity.group')
+        })
+        this.$emit('close-action')
+        this.parentFetchData()
+      }).catch(error => {
+        this.$notifyError(error)
+      }).finally(() => {
+        this.loading = false
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    }
+  }
+}
+</script>
+
+<style scoped lang="less">
+  .form-layout {
+    width: 80vw;
+
+    @media (min-width: 600px) {
+      width: 450px;
+    }
+  }
+</style>
diff --git a/ui/src/views/compute/CreateAffinityGroup.vue b/ui/src/views/compute/CreateAffinityGroup.vue
new file mode 100644
index 000000000000..27d9828138d4
--- /dev/null
+++ b/ui/src/views/compute/CreateAffinityGroup.vue
@@ -0,0 +1,173 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-form
+        :ref="formRef"
+        :model="form"
+        :rules="rules"
+        @finish="handleSubmit"
+        layout="vertical">
+        <a-form-item name="name" ref="name">
+          <template #label>
+            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+          </template>
+          <a-input
+            v-model:value="form.name"
+            :placeholder="apiParams.name.description"
+            v-focus="true" />
+        </a-form-item>
+        <a-form-item name="description" ref="description">
+          <template #label>
+            <tooltip-label :title="$t('label.description')" :tooltip="apiParams.description.description"/>
+          </template>
+          <a-input
+            v-model:value="form.description"
+            :placeholder="apiParams.description.description"/>
+        </a-form-item>
+        <a-form-item name="type" ref="type">
+          <template #label>
+            <tooltip-label :title="$t('label.type')" :tooltip="apiParams.type.description"/>
+          </template>
+          <a-select
+            v-model:value="form.type"
+            showSearch
+            optionFilterProp="label"
+            :placeholder="apiParams.type.description">
+            <a-select-option v-for="opt in affinityGroupTypes" :key="opt" :label="opt">
+              {{ opt }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <ownership-selection v-if="isAdminOrDomainAdmin()" @fetch-owner="fetchOwnerOptions"/>
+        <div :span="24" class="action-button">
+          <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+          <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+        </div>
+      </a-form>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { postAPI } from '@/api'
+import { mixinForm } from '@/utils/mixin'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import OwnershipSelection from '@/views/compute/wizard/OwnershipSelection'
+
+export default {
+  name: 'CreateAffinityGroup',
+  mixins: [mixinForm],
+  components: {
+    TooltipLabel,
+    OwnershipSelection
+  },
+  data () {
+    return {
+      loading: false,
+      owner: {},
+      affinityGroupTypes: [
+        'host affinity',
+        'host anti-affinity',
+        'non-strict host affinity',
+        'non-strict host anti-affinity'
+      ]
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('createAffinityGroup')
+  },
+  created () {
+    this.initForm()
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({})
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.name') }],
+        type: [{ required: true, message: this.$t('label.required') }]
+      })
+    },
+    isAdminOrDomainAdmin () {
+      return ['Admin', 'DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+    },
+    fetchOwnerOptions (ownerOptions) {
+      this.owner = {}
+      if (ownerOptions.selectedAccountType === 'Account') {
+        if (!ownerOptions.selectedAccount) {
+          return
+        }
+        this.owner.account = ownerOptions.selectedAccount
+        this.owner.domainid = ownerOptions.selectedDomain
+      } else if (ownerOptions.selectedAccountType === 'Project') {
+        if (!ownerOptions.selectedProject) {
+          return
+        }
+        this.owner.projectid = ownerOptions.selectedProject
+      }
+    },
+    handleSubmit (e) {
+      e.preventDefault()
+      if (this.loading) return
+      this.formRef.value.validate().then(() => {
+        const formRaw = toRaw(this.form)
+        const values = this.handleRemoveFields(formRaw)
+        this.loading = true
+        const params = {
+          name: values.name,
+          description: values.description,
+          type: values.type
+        }
+        if (this.owner.account) {
+          params.account = this.owner.account
+          params.domainid = this.owner.domainid
+        } else if (this.owner.projectid) {
+          params.projectid = this.owner.projectid
+        }
+        postAPI('createAffinityGroup', params).then(json => {
+          this.$message.success(this.$t('label.add.affinity.group') + ' - ' + values.name)
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.$emit('refresh-data')
+          this.loading = false
+          this.closeAction()
+        })
+      }).catch(error => {
+        this.formRef.value.scrollToField(error.errorFields[0].name)
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    }
+  }
+}
+</script>
+
+<style scoped lang="less">
+  .form-layout {
+    width: 80vw;
+
+    @media (min-width: 600px) {
+      width: 450px;
+    }
+  }
+</style>
diff --git a/ui/src/views/compute/CreateKubernetesCluster.vue b/ui/src/views/compute/CreateKubernetesCluster.vue
index 1799933bf2ef..618e46cb72d9 100644
--- a/ui/src/views/compute/CreateKubernetesCluster.vue
+++ b/ui/src/views/compute/CreateKubernetesCluster.vue
@@ -65,6 +65,7 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <ownership-selection v-if="isAdmin()" @fetch-owner="fetchOwnerOptions"/>
         <a-form-item ref="hypervisor" name="hypervisor">
           <template #label>
             <tooltip-label :title="$t('label.hypervisor')" :tooltip="apiParams.hypervisor.description"/>
@@ -316,7 +317,7 @@
             </a-select-option>
           </a-select>
         </a-form-item>
-        <a-form-item v-if="form.advancedmode && form?.etcdnodes > 0" name="etcdtemplateid" ref="etcdtemplateid">
+        <a-form-item v-if="form.advancedmode && form.etcdnodes && form.etcdnodes > 0" name="etcdtemplateid" ref="etcdtemplateid">
           <template #label>
             <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.templateid')" :tooltip="$t('label.cks.cluster.etcd.nodes.templateid')"/>
           </template>
@@ -335,6 +336,57 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="controlaffinitygroupids" ref="controlaffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.control.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.control.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="controlAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.control.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode" name="workeraffinitygroupids" ref="workeraffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.worker.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.worker.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="workerAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.worker.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item v-if="form.advancedmode && form.etcdnodes && form.etcdnodes > 0" name="etcdaffinitygroupids" ref="etcdaffinitygroupids">
+          <template #label>
+            <tooltip-label :title="$t('label.cks.cluster.etcd.nodes.affinitygroupid')" :tooltip="$t('label.cks.cluster.etcd.nodes.affinitygroupid')"/>
+          </template>
+          <a-select
+            v-model:value="etcdAffinityGroups"
+            mode="multiple"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0"
+            :loading="affinityGroupLoading"
+            :placeholder="$t('label.cks.cluster.etcd.nodes.affinitygroupid')">
+            <a-select-option v-for="opt in affinityGroups" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
         <a-form-item v-if="form.advancedmode && isASNumberRequired() && !form.networkid" name="asnumber" ref="asnumber">
           <template #label>
               <tooltip-label :title="$t('label.asnumber')" :tooltip="apiParams.asnumber.description"/>
@@ -441,6 +493,7 @@ import { mixinForm } from '@/utils/mixin'
 import ResourceIcon from '@/components/view/ResourceIcon'
 import TooltipLabel from '@/components/widgets/TooltipLabel'
 import UserDataSelection from '@views/compute/wizard/UserDataSelection'
+import OwnershipSelection from '@/views/compute/wizard/OwnershipSelection'
 
 export default {
   name: 'CreateKubernetesCluster',
@@ -448,7 +501,8 @@ export default {
   components: {
     TooltipLabel,
     ResourceIcon,
-    UserDataSelection
+    UserDataSelection,
+    OwnershipSelection
   },
   props: {},
   data () {
@@ -490,7 +544,13 @@ export default {
       cksNetworkOffering: null,
       asNumbersZone: [],
       asNumberLoading: false,
-      selectedAsNumber: 0
+      selectedAsNumber: 0,
+      affinityGroups: [],
+      affinityGroupLoading: false,
+      controlAffinityGroups: [],
+      workerAffinityGroups: [],
+      etcdAffinityGroups: [],
+      owner: {}
     }
   },
   beforeCreate () {
@@ -555,11 +615,38 @@ export default {
     },
     fetchData () {
       this.fetchZoneData()
-      this.fetchKeyPairData()
+      if (!this.isAdmin()) {
+        this.fetchKeyPairData()
+      }
       this.fetchCksTemplates()
       this.fetchCKSNetworkOfferingName()
       this.fetchCniConfigurations()
     },
+    fetchAffinityGroups () {
+      this.affinityGroups = []
+      this.controlAffinityGroups = []
+      this.workerAffinityGroups = []
+      this.etcdAffinityGroups = []
+      const params = {}
+      if (!this.isObjectEmpty(this.selectedZone)) {
+        params.zoneid = this.selectedZone.id
+      }
+      if (this.owner.account) {
+        params.account = this.owner.account
+        params.domainid = this.owner.domainid
+      } else if (this.owner.projectid) {
+        params.projectid = this.owner.projectid
+      }
+      this.affinityGroupLoading = true
+      getAPI('listAffinityGroups', params).then(json => {
+        const groups = json.listaffinitygroupsresponse.affinitygroup
+        if (this.arrayHasItems(groups)) {
+          this.affinityGroups = groups.filter(group => group.type !== 'ExplicitDedication')
+        }
+      }).finally(() => {
+        this.affinityGroupLoading = false
+      })
+    },
     isValidValueForKey (obj, key) {
       return key in obj && obj[key] != null
     },
@@ -597,9 +684,12 @@ export default {
     handleZoneChange (zone) {
       this.selectedZone = zone
       this.fetchKubernetesVersionData()
-      this.fetchNetworkData()
       this.fetchZoneHypervisors()
       this.fetchZoneASNumbers()
+      if (!this.isAdmin()) {
+        this.fetchNetworkData()
+        this.fetchAffinityGroups()
+      }
     },
     handleASNumberChange (selectedIndex) {
       this.selectedAsNumber = this.asNumbersZone[selectedIndex].asnumber
@@ -663,9 +753,30 @@ export default {
         }
       })
     },
+    isAdmin () {
+      return this.$store.getters.userInfo.roletype === 'Admin'
+    },
     isAdminOrDomainAdmin () {
       return ['Admin', 'DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
     },
+    fetchOwnerOptions (ownerOptions) {
+      this.owner = {}
+      if (ownerOptions.selectedAccountType === 'Account') {
+        if (!ownerOptions.selectedAccount) {
+          return
+        }
+        this.owner.account = ownerOptions.selectedAccount
+        this.owner.domainid = ownerOptions.selectedDomain
+      } else if (ownerOptions.selectedAccountType === 'Project') {
+        if (!ownerOptions.selectedProject) {
+          return
+        }
+        this.owner.projectid = ownerOptions.selectedProject
+      }
+      this.fetchNetworkData()
+      this.fetchKeyPairData()
+      this.fetchAffinityGroups()
+    },
     fetchCksTemplates () {
       var filters = []
       if (this.isAdminOrDomainAdmin()) {
@@ -695,6 +806,12 @@ export default {
       if (!this.isObjectEmpty(this.selectedZone)) {
         params.zoneid = this.selectedZone.id
       }
+      if (this.owner.account) {
+        params.account = this.owner.account
+        params.domainid = this.owner.domainid
+      } else if (this.owner.projectid) {
+        params.projectid = this.owner.projectid
+      }
       this.networkLoading = true
       this.networks = []
       getAPI('listNetworks', params).then(json => {
@@ -713,7 +830,14 @@ export default {
     },
     fetchKeyPairData () {
       const params = {}
+      if (this.owner.account) {
+        params.account = this.owner.account
+        params.domainid = this.owner.domainid
+      } else if (this.owner.projectid) {
+        params.projectid = this.owner.projectid
+      }
       this.keyPairLoading = true
+      this.keyPairs = [this.emptyEntry]
       getAPI('listSSHKeyPairs', params).then(json => {
         const listKeyPairs = json.listsshkeypairsresponse.sshkeypair
         if (this.arrayHasItems(listKeyPairs)) {
@@ -840,6 +964,12 @@ export default {
           size: values.size,
           clustertype: 'CloudManaged'
         }
+        if (this.owner.account) {
+          params.account = this.owner.account
+          params.domainid = this.owner.domainid
+        } else if (this.owner.projectid) {
+          params.projectid = this.owner.projectid
+        }
         if (values.hypervisor !== null) {
           params.hypervisor = this.selectedZoneHypervisors[values.hypervisor].name.toLowerCase()
         }
@@ -881,6 +1011,21 @@ export default {
             advancedTemplates++
           }
         }
+        if (values.advancedmode) {
+          let affinityIndex = 0
+          const addAffinityGroups = (nodeType, groups) => {
+            if (groups && groups.length > 0) {
+              params[`nodeaffinitygroups[${affinityIndex}].node`] = nodeType
+              params[`nodeaffinitygroups[${affinityIndex}].affinitygroup`] = groups.join(',')
+              affinityIndex++
+            }
+          }
+          addAffinityGroups('control', this.controlAffinityGroups)
+          addAffinityGroups('worker', this.workerAffinityGroups)
+          if (values.etcdnodes > 0) {
+            addAffinityGroups('etcd', this.etcdAffinityGroups)
+          }
+        }
         if (this.isValidValueForKey(values, 'noderootdisksize') && values.noderootdisksize > 0) {
           params.noderootdisksize = values.noderootdisksize
         }
diff --git a/ui/src/views/network/LoadBalancing.vue b/ui/src/views/network/LoadBalancing.vue
index ad091b218a83..0b9ed7684a89 100644
--- a/ui/src/views/network/LoadBalancing.vue
+++ b/ui/src/views/network/LoadBalancing.vue
@@ -204,6 +204,11 @@
                   {{ instance.loadbalancerruleinstance.displayname }}
                 </router-link>
               </div>
+              <div v-if="this.vpcConserveMode">
+                <router-link :to="{ path: '/guestnetwork/' + instance.loadbalancerruleinstance.nic[0].networkid }">
+                  {{ instance.loadbalancerruleinstance.nic[0].networkname }}
+                </router-link>
+              </div>
               <div>{{ ip }}</div>
               <tooltip-button
                 :disabled='record.autoscalevmgroup'
@@ -487,10 +492,10 @@
     >
       <div @keyup.ctrl.enter="handleAddNewRule">
         <span
-          v-if="'vpcid' in resource && !('associatednetworkid' in resource)">
+          v-if="'vpcid' in resource && (!('associatednetworkid' in resource) || vpcConserveMode)">
           <strong>{{ $t('label.select.tier') }} </strong>
           <a-select
-            v-focus="'vpcid' in resource && !('associatednetworkid' in resource)"
+            v-focus="'vpcid' in resource && (!('associatednetworkid' in resource) || vpcConserveMode)"
             v-model:value="selectedTier"
             @change="fetchVirtualMachines()"
             :placeholder="$t('label.select.tier')"
@@ -1022,7 +1027,8 @@ export default {
         urlpath: '/'
       },
       healthMonitorLoading: false,
-      isNetrisZone: false
+      isNetrisZone: false,
+      vpcConserveMode: false
     }
   },
   computed: {
@@ -1079,10 +1085,24 @@ export default {
       })
     },
     fetchData () {
+      this.fetchVpc()
       this.fetchListTiers()
       this.fetchLBRules()
       this.fetchZone()
     },
+    fetchVpc () {
+      if (!this.resource.vpcid) {
+        return
+      }
+      this.vpcConserveMode = false
+      getAPI('listVPCs', {
+        id: this.resource.vpcid
+      }).then(json => {
+        this.vpcConserveMode = json.listvpcsresponse?.vpc?.[0].vpcofferingconservemode || false
+      }).catch(error => {
+        this.$notifyError(error)
+      })
+    },
     fetchListTiers () {
       this.tiers.loading = true
 
@@ -1830,7 +1850,7 @@ export default {
 
       getAPI('listNics', {
         virtualmachineid: e.target.value,
-        networkid: ('vpcid' in this.resource && !('associatednetworkid' in this.resource)) ? this.selectedTier : this.resource.associatednetworkid
+        networkid: ('vpcid' in this.resource && (!('associatednetworkid' in this.resource) || this.vpcConserveMode)) ? this.selectedTier : this.resource.associatednetworkid
       }).then(response => {
         if (!response || !response.listnicsresponse || !response.listnicsresponse.nic[0]) return
         const newItem = []
@@ -1850,7 +1870,7 @@ export default {
       this.vmCount = 0
       this.vms = []
       this.addVmModalLoading = true
-      const networkId = ('vpcid' in this.resource && !('associatednetworkid' in this.resource)) ? this.selectedTier : this.resource.associatednetworkid
+      const networkId = ('vpcid' in this.resource && (!('associatednetworkid' in this.resource) || this.vpcConserveMode)) ? this.selectedTier : this.resource.associatednetworkid
       if (!networkId) {
         this.addVmModalLoading = false
         return
@@ -1935,11 +1955,17 @@ export default {
           ip.forEach(i => {
             vmIDIpMap[`vmidipmap[${innerCount}].vmid`] = this.newRule.virtualmachineid[count]
             vmIDIpMap[`vmidipmap[${innerCount}].vmip`] = i
+            if (this.vpcConserveMode) {
+              vmIDIpMap[`vmidipmap[${innerCount}].vmnetworkid`] = this.selectedTier
+            }
             innerCount++
           })
         } else {
           vmIDIpMap[`vmidipmap[${innerCount}].vmid`] = this.newRule.virtualmachineid[count]
           vmIDIpMap[`vmidipmap[${innerCount}].vmip`] = ip
+          if (this.vpcConserveMode && ip != null) {
+            vmIDIpMap[`vmidipmap[${innerCount}].vmnetworkid`] = this.selectedTier
+          }
           innerCount++
         }
         if (this.newRule.virtualmachineid[count]) {
diff --git a/ui/src/views/network/PortForwarding.vue b/ui/src/views/network/PortForwarding.vue
index 8ab6559b12c3..ffa89e5b5814 100644
--- a/ui/src/views/network/PortForwarding.vue
+++ b/ui/src/views/network/PortForwarding.vue
@@ -117,6 +117,12 @@
         <template v-if="column.key === 'cidrlist'">
           <span style="white-space: pre-line"> {{ record.cidrlist?.replaceAll(",", "\n") }}</span>
         </template>
+        <template v-if="vpcConserveMode && column.key === 'networkid'">
+          <router-link
+            :to="{ path: '/guestnetwork/' + record.networkid }">
+            {{ record.networkname }}
+          </router-link>
+        </template>
         <template v-if="column.key === 'vm'">
           <div><desktop-outlined/>
             <router-link
@@ -216,10 +222,10 @@
       @cancel="closeModal">
       <div v-ctrl-enter="addRule">
         <span
-          v-if="'vpcid' in resource && !('associatednetworkid' in resource)">
+          v-if="'vpcid' in resource && (!('associatednetworkid' in resource) || vpcConserveMode)">
           <strong>{{ $t('label.select.tier') }} </strong>
           <a-select
-            :v-focus="'vpcid' in resource && !('associatednetworkid' in resource)"
+            v-focus="'vpcid' in resource && (!('associatednetworkid' in resource) || vpcConserveMode)"
             v-model:value="selectedTier"
             @change="fetchVirtualMachines()"
             :placeholder="$t('label.select.tier')"
@@ -467,7 +473,8 @@ export default {
       vmPageSize: 10,
       vmCount: 0,
       searchQuery: null,
-      cidrlist: ''
+      cidrlist: '',
+      vpcConserveMode: false
     }
   },
   computed: {
@@ -479,7 +486,6 @@ export default {
     this.apiParams = this.$getApiParams('createPortForwardingRule')
   },
   created () {
-    console.log(this.resource)
     this.initForm()
     this.fetchData()
   },
@@ -504,13 +510,30 @@ export default {
       })
     },
     fetchData () {
+      this.fetchVpc()
       this.fetchListTiers()
       this.fetchPFRules()
     },
-    fetchListTiers () {
-      if ('vpcid' in this.resource && 'associatednetworkid' in this.resource) {
+    fetchVpc () {
+      if (!this.resource.vpcid) {
         return
       }
+      this.vpcConserveMode = false
+      getAPI('listVPCs', {
+        id: this.resource.vpcid
+      }).then(json => {
+        this.vpcConserveMode = json.listvpcsresponse?.vpc?.[0].vpcofferingconservemode || false
+        if (this.vpcConserveMode) {
+          this.columns.splice(this.columns.length - 1, 0, {
+            key: 'networkid',
+            title: this.$t('label.network')
+          })
+        }
+      }).catch(error => {
+        this.$notifyError(error)
+      })
+    },
+    fetchListTiers () {
       this.selectedTier = null
       this.tiers.loading = true
       getAPI('listNetworks', {
@@ -630,7 +653,7 @@ export default {
       if (this.loading) return
       this.loading = true
       this.addVmModalVisible = false
-      const networkId = ('vpcid' in this.resource && !('associatednetworkid' in this.resource)) ? this.selectedTier : this.resource.associatednetworkid
+      const networkId = ('vpcid' in this.resource && (!('associatednetworkid' in this.resource) || this.vpcConserveMode)) ? this.selectedTier : this.resource.associatednetworkid
       postAPI('createPortForwardingRule', {
         ...this.newRule,
         ipaddressid: this.resource.id,
@@ -788,7 +811,7 @@ export default {
       this.newRule.virtualmachineid = e.target.value
       getAPI('listNics', {
         virtualmachineid: e.target.value,
-        networkId: ('vpcid' in this.resource && !('associatednetworkid' in this.resource)) ? this.selectedTier : this.resource.associatednetworkid
+        networkid: ('vpcid' in this.resource && (!('associatednetworkid' in this.resource) || this.vpcConserveMode)) ? this.selectedTier : this.resource.associatednetworkid
       }).then(response => {
         if (!response.listnicsresponse.nic || response.listnicsresponse.nic.length < 1) return
         const nic = response.listnicsresponse.nic[0]
@@ -799,7 +822,6 @@ export default {
         this.newRule.vmguestip = this.nics[0]
         this.addVmModalNicLoading = false
       }).catch(error => {
-        console.log(error)
         this.$notifyError(error)
         this.closeModal()
       })
@@ -808,7 +830,7 @@ export default {
       this.vmCount = 0
       this.vms = []
       this.addVmModalLoading = true
-      const networkId = ('vpcid' in this.resource && !('associatednetworkid' in this.resource)) ? this.selectedTier : this.resource.associatednetworkid
+      const networkId = ('vpcid' in this.resource && (!('associatednetworkid' in this.resource) || this.vpcConserveMode)) ? this.selectedTier : this.resource.associatednetworkid
       if (!networkId) {
         this.addVmModalLoading = false
         return
diff --git a/ui/src/views/network/PublicIpResource.vue b/ui/src/views/network/PublicIpResource.vue
index 7c25e1c32bad..0540e7f292a8 100644
--- a/ui/src/views/network/PublicIpResource.vue
+++ b/ui/src/views/network/PublicIpResource.vue
@@ -135,8 +135,10 @@ export default {
         return
       }
       if (this.resource && this.resource.vpcid) {
-        // VPC IPs with source nat have only VPN
-        if (this.resource.issourcenat) {
+        const vpc = await this.fetchVpc()
+
+        // VPC IPs with source nat have only VPN when VPC offering conserve mode = false
+        if (this.resource.issourcenat && vpc?.vpcofferingconservemode === false) {
           this.tabs = this.defaultTabs.concat(this.$route.meta.tabs.filter(tab => tab.name === 'vpn'))
           return
         }
@@ -154,7 +156,12 @@ export default {
 
         const network = await this.fetchNetwork()
         if (network && network.networkofferingconservemode) {
-          this.tabs = tabs
+          // VPC IPs with source nat have only VPN when VPC offering conserve mode = false
+          if (this.resource.issourcenat && vpc?.vpcofferingconservemode === false) {
+            this.tabs = this.defaultTabs.concat(this.$route.meta.tabs.filter(tab => tab.name === 'vpn'))
+          } else {
+            this.tabs = tabs
+          }
           return
         }
 
@@ -193,6 +200,21 @@ export default {
     fetchAction () {
       this.actions = this.$route.meta.actions || []
     },
+    fetchVpc () {
+      if (!this.resource.vpcid) {
+        return null
+      }
+      return new Promise((resolve, reject) => {
+        getAPI('listVPCs', {
+          id: this.resource.vpcid
+        }).then(json => {
+          const vpc = json.listvpcsresponse?.vpc?.[0] || null
+          resolve(vpc)
+        }).catch(e => {
+          reject(e)
+        })
+      })
+    },
     fetchNetwork () {
       if (!this.resource.associatednetworkid) {
         return null
diff --git a/ui/src/views/offering/AddComputeOffering.vue b/ui/src/views/offering/AddComputeOffering.vue
index 465d07b8e57f..72a63ef43f9d 100644
--- a/ui/src/views/offering/AddComputeOffering.vue
+++ b/ui/src/views/offering/AddComputeOffering.vue
@@ -18,658 +18,29 @@
 <template>
   <div class="form-layout" v-ctrl-enter="handleSubmit">
     <a-spin :spinning="loading">
-      <a-form
-        :ref="formRef"
-        :model="form"
+      <ComputeOfferingForm
+        :initialValues="form"
         :rules="rules"
-        @finish="handleSubmit"
-        layout="vertical"
-       >
-        <a-form-item name="name" ref="name">
-          <template #label>
-            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
-          </template>
-          <a-input
-            v-focus="true"
-            v-model:value="form.name"
-            :placeholder="$t('label.name')"/>
-        </a-form-item>
-        <a-form-item name="displaytext" ref="displaytext">
-          <template #label>
-            <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
-          </template>
-          <a-input
-            v-model:value="form.displaytext"
-            :placeholder="$t('label.displaytext')"/>
-        </a-form-item>
-        <a-form-item name="systemvmtype" ref="systemvmtype" v-if="isSystem">
-          <template #label>
-            <tooltip-label :title="$t('label.systemvmtype')" :tooltip="apiParams.systemvmtype.description"/>
-          </template>
-          <a-select
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.systemvmtype"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :placeholder="apiParams.systemvmtype.description">
-            <a-select-option key="domainrouter" :label="$t('label.domain.router')">{{ $t('label.domain.router') }}</a-select-option>
-            <a-select-option key="consoleproxy" :label="$t('label.console.proxy')">{{ $t('label.console.proxy') }}</a-select-option>
-            <a-select-option key="secondarystoragevm" :label="$t('label.secondary.storage.vm')">{{ $t('label.secondary.storage.vm') }}</a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="offeringtype" ref="offeringtype" :label="$t('label.offeringtype')" v-show="!isSystem">
-          <a-radio-group
-            v-model:value="form.offeringtype"
-            @change="selected => { handleComputeOfferingTypeChange(selected.target.value) }"
-            buttonStyle="solid">
-            <a-radio-button value="fixed">
-              {{ $t('label.fixed') }}
-            </a-radio-button>
-            <a-radio-button value="customconstrained">
-              {{ $t('label.customconstrained') }}
-            </a-radio-button>
-            <a-radio-button value="customunconstrained">
-              {{ $t('label.customunconstrained') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-row :gutter="12">
-          <a-col :md="8" :lg="8" v-if="offeringType === 'fixed'">
-            <a-form-item name="cpunumber" ref="cpunumber">
-              <template #label>
-                <tooltip-label :title="$t('label.cpunumber')" :tooltip="apiParams.cpunumber.description"/>
-              </template>
-              <a-input
-                v-model:value="form.cpunumber"
-                :placeholder="apiParams.cpunumber.description"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="8" :lg="8" v-if="offeringType !== 'customunconstrained'">
-            <a-form-item name="cpuspeed" ref="cpuspeed">
-              <template #label>
-                <tooltip-label :title="$t('label.cpuspeed')" :tooltip="apiParams.cpuspeed.description"/>
-              </template>
-              <a-input
-                v-model:value="form.cpuspeed"
-                :placeholder="apiParams.cpuspeed.description"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="8" :lg="8" v-if="offeringType === 'fixed'">
-            <a-form-item name="memory" ref="memory">
-              <template #label>
-                <tooltip-label :title="$t('label.memory.mb')" :tooltip="apiParams.memory.description"/>
-              </template>
-              <a-input
-                v-model:value="form.memory"
-                :placeholder="apiParams.memory.description"/>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-row :gutter="12" v-if="offeringType === 'customconstrained'">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="mincpunumber" ref="mincpunumber">
-              <template #label>
-                <tooltip-label :title="$t('label.mincpunumber')" :tooltip="apiParams.mincpunumber.description"/>
-              </template>
-              <a-input
-                v-model:value="form.mincpunumber"
-                :placeholder="apiParams.mincpunumber.description"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="maxcpunumber" ref="maxcpunumber">
-              <template #label>
-                <tooltip-label :title="$t('label.maxcpunumber')" :tooltip="apiParams.maxcpunumber.description"/>
-              </template>
-              <a-input
-                v-model:value="form.maxcpunumber"
-                :placeholder="apiParams.maxcpunumber.description"/>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-row :gutter="12" v-if="offeringType === 'customconstrained'">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="minmemory" ref="minmemory">
-              <template #label>
-                <tooltip-label :title="$t('label.minmemory')" :tooltip="apiParams.minmemory.description"/>
-              </template>
-              <a-input
-                v-model:value="form.minmemory"
-                :placeholder="apiParams.minmemory.description"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="maxmemory" ref="maxmemory">
-              <template #label>
-                <tooltip-label :title="$t('label.maxmemory')" :tooltip="apiParams.maxmemory.description"/>
-              </template>
-              <a-input
-                v-model:value="form.maxmemory"
-                :placeholder="apiParams.maxmemory.description"/>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-row :gutter="12">
-          <a-col :md="12" :lg="12">
-            <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="hosttags" ref="hosttags">
-              <template #label>
-                <tooltip-label :title="$t('label.hosttags')" :tooltip="apiParams.hosttags.description"/>
-              </template>
-              <a-input
-                v-model:value="form.hosttags"
-                :placeholder="apiParams.hosttags.description"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="networkrate" ref="networkrate">
-              <template #label>
-                <tooltip-label :title="$t('label.networkrate')" :tooltip="apiParams.networkrate.description"/>
-              </template>
-              <a-input
-                v-model:value="form.networkrate"
-                :placeholder="apiParams.networkrate.description"/>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-row :gutter="12">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="offerha" ref="offerha">
-              <template #label>
-                <tooltip-label :title="$t('label.offerha')" :tooltip="apiParams.offerha.description"/>
-              </template>
-              <a-switch v-model:checked="form.offerha" />
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="dynamicscalingenabled" ref="dynamicscalingenabled">
-              <template #label>
-                <tooltip-label :title="$t('label.dynamicscalingenabled')" :tooltip="apiParams.dynamicscalingenabled.description"/>
-              </template>
-              <a-switch v-model:checked="form.dynamicscalingenabled" @change="val => { dynamicscalingenabled = val }"/>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-row :gutter="12">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="limitcpuuse" ref="limitcpuuse">
-              <template #label>
-                <tooltip-label :title="$t('label.limitcpuuse')" :tooltip="apiParams.limitcpuuse.description"/>
-              </template>
-              <a-switch v-model:checked="form.limitcpuuse" />
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item v-if="!isSystem" name="isvolatile" ref="isvolatile">
-              <template #label>
-                <tooltip-label :title="$t('label.isvolatile')" :tooltip="apiParams.isvolatile.description"/>
-              </template>
-              <a-switch v-model:checked="form.isvolatile" />
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-form-item name="deploymentplanner" ref="deploymentplanner" v-if="!isSystem && isAdmin()">
-          <template #label>
-            <tooltip-label :title="$t('label.deploymentplanner')" :tooltip="apiParams.deploymentplanner.description"/>
-          </template>
-          <a-select
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.deploymentplanner"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="deploymentPlannerLoading"
-            :placeholder="apiParams.deploymentplanner.description"
-            @change="val => { handleDeploymentPlannerChange(val) }">
-            <a-select-option v-for="(opt) in deploymentPlanners" :key="opt.name" :label="opt.name || opt.description || ''">
-              {{ opt.name || opt.description }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="plannermode" ref="plannermode" :label="$t('label.plannermode')" v-if="plannerModeVisible">
-          <a-radio-group
-            v-model:value="form.plannermode"
-            buttonStyle="solid">
-            <a-radio-button value="">
-              {{ $t('label.none') }}
-            </a-radio-button>
-            <a-radio-button value="strict">
-              {{ $t('label.strict') }}
-            </a-radio-button>
-            <a-radio-button value="Preferred">
-              {{ $t('label.preferred') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-form-item name="gpucardid" ref="gpucardid" :label="$t('label.gpu.card')" v-if="!isSystem">
-          <a-select
-            v-model:value="form.gpucardid"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="gpuCardLoading"
-            :placeholder="$t('label.gpu.card')"
-            @change="handleGpuCardChange">
-            <a-select-option v-for="(opt, optIndex) in gpuCards" :key="optIndex" :value="opt.id" :label="opt.name || opt.description || ''">
-              {{ opt.description || opt.name || '' }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="vgpuprofile" ref="vgpuprofile" :label="$t('label.vgpu.profile')" v-if="!isSystem && form.gpucardid && vgpuProfiles.length > 0">
-          <a-select
-            v-model:value="form.vgpuprofile"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="vgpuProfileLoading"
-            :placeholder="$t('label.vgpu.profile')">
-            <a-select-option v-for="(vgpu, vgpuIndex) in vgpuProfiles" :key="vgpuIndex" :value="vgpu.id" :label="vgpu.vgpuprofile || ''">
-              {{ vgpu.name }} {{ getVgpuProfileDetails(vgpu) }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-row :gutter="12" v-if="!isSystem && form.gpucardid">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="gpucount" ref="gpucount">
-              <template #label>
-                <tooltip-label :title="$t('label.gpu.count')" :tooltip="apiParams.gpucount.description"/>
-              </template>
-              <a-input
-                v-model:value="form.gpucount"
-                type="number"
-                min="1"
-                max="16"
-                :placeholder="$t('label.gpu.count')"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="gpudisplay" ref="gpudisplay">
-              <template #label>
-                <tooltip-label :title="$t('label.gpu.display')" :tooltip="apiParams.gpudisplay.description"/>
-              </template>
-              <a-switch v-model:checked="form.gpudisplay" />
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-show="isAdmin()">
-          <a-switch v-model:checked="form.ispublic" />
-        </a-form-item>
-        <a-form-item name="domainid" ref="domainid" v-if="!form.ispublic">
-          <template #label>
-            <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
-          </template>
-          <a-select
-            mode="multiple"
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.domainid"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="domainLoading"
-            :placeholder="apiParams.domainid.description">
-            <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
-              <span>
-                <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
-                <block-outlined v-else style="margin-right: 5px" />
-                {{ opt.path || opt.name || opt.description }}
-              </span>
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="zoneid" ref="zoneid" v-if="!isSystem">
-          <template #label>
-            <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
-          </template>
-          <a-select
-            id="zone-selection"
-            mode="multiple"
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.zoneid"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            @select="val => fetchvSphereStoragePolicies(val)"
-            :loading="zoneLoading"
-            :placeholder="apiParams.zoneid.description">
-            <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
-              <span>
-                <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
-                <global-outlined v-else style="margin-right: 5px"/>
-                {{ opt.name || opt.description }}
-              </span>
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item
-          name="storagepolicy"
-          ref="storagepolicy"
-          v-if="'listVsphereStoragePolicies' in $store.getters.apis && storagePolicies !== null">
-          <template #label>
-            <tooltip-label :title="$t('label.vmware.storage.policy')" :tooltip="apiParams.storagepolicy.description"/>
-          </template>
-          <a-select
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.storagepolicy"
-            :placeholder="apiParams.storagepolicy.description"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }" >
-            <a-select-option v-for="policy in storagePolicies" :key="policy.id" :label="policy.name || policy.id || ''">
-              {{ policy.name || policy.id }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="purgeresources" ref="purgeresources">
-          <template #label>
-            <tooltip-label :title="$t('label.purgeresources')" :tooltip="apiParams.purgeresources.description"/>
-          </template>
-          <a-switch v-model:checked="form.purgeresources"/>
-        </a-form-item>
-        <a-form-item name="showLeaseOptions" ref="showLeaseOptions" v-if="isLeaseFeatureEnabled">
-          <template #label>
-            <tooltip-label :title="$t('label.lease.enable')" :tooltip="$t('label.lease.enable.tooltip')" />
-          </template>
-          <a-switch v-model:checked="showLeaseOptions" @change="onToggleLeaseData"/>
-        </a-form-item>
-        <a-row :gutter="12" v-if="isLeaseFeatureEnabled && showLeaseOptions">
-          <a-col :md="12" :lg="12">
-            <a-form-item name="leaseduration" ref="leaseduration">
-              <template #label>
-                <tooltip-label :title="$t('label.leaseduration')"/>
-              </template>
-              <a-input
-                v-model:value="form.leaseduration"
-                :placeholder="$t('label.instance.lease.placeholder')"/>
-            </a-form-item>
-          </a-col>
-          <a-col :md="12" :lg="12">
-            <a-form-item name="leaseexpiryaction" ref="leaseexpiryaction"  v-if="form.leaseduration > 0">
-              <template #label>
-                <tooltip-label :title="$t('label.leaseexpiryaction')" />
-              </template>
-              <a-select v-model:value="form.leaseexpiryaction" :defaultValue="expiryActions">
-                <a-select-option v-for="action in expiryActions" :key="action" :label="action"/>
-              </a-select>
-            </a-form-item>
-          </a-col>
-        </a-row>
-        <a-form-item name="computeonly" ref="computeonly">
-          <template #label>
-            <tooltip-label :title="$t('label.computeonly.offering')" :tooltip="$t('label.computeonly.offering.tooltip')"/>
-          </template>
-          <a-switch v-model:checked="form.computeonly" :checked="computeonly" @change="val => { computeonly = val }"/>
-        </a-form-item>
-        <a-card style="margin-bottom: 10px;">
-          <span v-if="computeonly">
-            <a-form-item name="storagetype" ref="storagetype">
-              <template #label>
-                <tooltip-label :title="$t('label.storagetype')" :tooltip="apiParams.storagetype.description"/>
-              </template>
-              <a-radio-group
-                v-model:value="form.storagetype"
-                buttonStyle="solid"
-                @change="selected => { handleStorageTypeChange(selected.target.value) }">
-                <a-radio-button value="shared">
-                  {{ $t('label.shared') }}
-                </a-radio-button>
-                <a-radio-button value="local">
-                  {{ $t('label.local') }}
-                </a-radio-button>
-              </a-radio-group>
-            </a-form-item>
-            <a-form-item name="provisioningtype" ref="provisioningtype">
-              <template #label>
-                <tooltip-label :title="$t('label.provisioningtype')" :tooltip="apiParams.provisioningtype.description"/>
-              </template>
-              <a-radio-group
-                v-model:value="form.provisioningtype"
-                buttonStyle="solid"
-                @change="selected => { handleProvisioningTypeChange(selected.target.value) }">
-                <a-radio-button value="thin">
-                  {{ $t('label.provisioningtype.thin') }}
-                </a-radio-button>
-                <a-radio-button value="sparse">
-                  {{ $t('label.provisioningtype.sparse') }}
-                </a-radio-button>
-                <a-radio-button value="fat">
-                  {{ $t('label.provisioningtype.fat') }}
-                </a-radio-button>
-              </a-radio-group>
-            </a-form-item>
-            <a-form-item name="cachemode" ref="cachemode">
-              <template #label>
-                <tooltip-label :title="$t('label.cachemode')" :tooltip="apiParams.cachemode.description"/>
-              </template>
-              <a-radio-group
-                v-model:value="form.cachemode"
-                buttonStyle="solid"
-                @change="selected => { handleCacheModeChange(selected.target.value) }">
-                <a-radio-button value="none">
-                  {{ $t('label.nodiskcache') }}
-                </a-radio-button>
-                <a-radio-button value="writeback">
-                  {{ $t('label.writeback') }}
-                </a-radio-button>
-                <a-radio-button value="writethrough">
-                  {{ $t('label.writethrough') }}
-                </a-radio-button>
-                <a-radio-button value="hypervisor_default">
-                  {{ $t('label.hypervisor.default') }}
-                </a-radio-button>
-              </a-radio-group>
-            </a-form-item>
-            <a-form-item :label="$t('label.qostype')" name="qostype" ref="qostype">
-              <a-radio-group
-                v-model:value="form.qostype"
-                buttonStyle="solid"
-                @change="selected => { handleQosTypeChange(selected.target.value) }">
-                <a-radio-button value="">
-                  {{ $t('label.none') }}
-                </a-radio-button>
-                <a-radio-button value="hypervisor">
-                  {{ $t('label.hypervisor') }}
-                </a-radio-button>
-                <a-radio-button value="storage">
-                  {{ $t('label.storage') }}
-                </a-radio-button>
-              </a-radio-group>
-            </a-form-item>
-            <a-row :gutter="12" v-if="qosType === 'hypervisor'">
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskbytesreadrate" ref="diskbytesreadrate">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskbytesreadrate')" :tooltip="apiParams.bytesreadrate.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskbytesreadrate"
-                    :placeholder="apiParams.bytesreadrate.description"/>
-                </a-form-item>
-              </a-col>
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskbyteswriterate" ref="diskbyteswriterate">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskbyteswriterate')" :tooltip="apiParams.byteswriterate.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskbyteswriterate"
-                    :placeholder="apiParams.byteswriterate.description"/>
-                </a-form-item>
-              </a-col>
-            </a-row>
-            <a-row :gutter="12" v-if="qosType === 'hypervisor'">
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskiopsreadrate" ref="diskiopsreadrate">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskiopsreadrate')" :tooltip="apiParams.iopsreadrate.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskiopsreadrate"
-                    :placeholder="apiParams.iopsreadrate.description"/>
-                </a-form-item>
-              </a-col>
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskiopswriterate" ref="diskiopswriterate">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskiopswriterate')" :tooltip="apiParams.iopswriterate.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskiopswriterate"
-                    :placeholder="apiParams.iopswriterate.description"/>
-                </a-form-item>
-              </a-col>
-            </a-row>
-            <a-form-item v-if="!isSystem && qosType === 'storage'" name="iscustomizeddiskiops" ref="iscustomizeddiskiops">
-              <template #label>
-                <tooltip-label :title="$t('label.iscustomizeddiskiops')" :tooltip="apiParams.customizediops.description"/>
-              </template>
-              <a-switch v-model:checked="form.iscustomizeddiskiops" :checked="isCustomizedDiskIops" @change="val => { isCustomizedDiskIops = val }" />
-            </a-form-item>
-            <a-row :gutter="12" v-if="qosType === 'storage' && !isCustomizedDiskIops">
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskiopsmin" ref="diskiopsmin">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskiopsmin')" :tooltip="apiParams.miniops.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskiopsmin"
-                    :placeholder="apiParams.miniops.description"/>
-                </a-form-item>
-              </a-col>
-              <a-col :md="12" :lg="12">
-                <a-form-item name="diskiopsmax" ref="diskiopsmax">
-                  <template #label>
-                    <tooltip-label :title="$t('label.diskiopsmax')" :tooltip="apiParams.maxiops.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.diskiopsmax"
-                    :placeholder="apiParams.maxiops.description"/>
-                </a-form-item>
-              </a-col>
-            </a-row>
-            <a-form-item v-if="!isSystem && qosType === 'storage'" name="hypervisorsnapshotreserve" ref="hypervisorsnapshotreserve">
-              <template #label>
-                <tooltip-label :title="$t('label.hypervisorsnapshotreserve')" :tooltip="apiParams.hypervisorsnapshotreserve.description"/>
-              </template>
-              <a-input
-                v-model:value="form.hypervisorsnapshotreserve"
-                :placeholder="apiParams.hypervisorsnapshotreserve.description"/>
-            </a-form-item>
-            <a-row :gutter="12">
-              <a-col :md="12" :lg="12">
-                <a-form-item v-if="apiParams.rootdisksize" name="rootdisksize" ref="rootdisksize">
-                  <template #label>
-                    <tooltip-label :title="$t('label.root.disk.size')" :tooltip="apiParams.rootdisksize.description"/>
-                  </template>
-                  <a-input
-                    v-model:value="form.rootdisksize"
-                    :placeholder="apiParams.rootdisksize.description"/>
-                </a-form-item>
-              </a-col>
-              <a-col :md="12" :lg="12">
-                <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="storagetags" ref="storagetags">
-                  <template #label>
-                    <tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
-                  </template>
-                  <a-select
-                    mode="tags"
-                    :getPopupContainer="(trigger) => trigger.parentNode"
-                    v-model:value="form.storagetags"
-                    showSearch
-                    optionFilterProp="value"
-                    :filterOption="(input, option) => {
-                      return option.value.toLowerCase().indexOf(input.toLowerCase()) >= 0
-                    }"
-                    :loading="storageTagLoading"
-                    :placeholder="apiParams.tags.description"
-                    v-if="isAdmin() || isDomainAdminAllowedToInformTags">
-                    <a-select-option v-for="opt in storageTags" :key="opt">
-                      {{ opt }}
-                    </a-select-option>
-                  </a-select>
-                </a-form-item>
-              </a-col>
-            </a-row>
-            <a-form-item name="encryptdisk" ref="encryptdisk">
-              <template #label>
-                <tooltip-label :title="$t('label.encrypt')" :tooltip="apiParams.encryptroot.description" />
-              </template>
-              <a-switch v-model:checked="form.encryptdisk" :checked="encryptdisk" @change="val => { encryptdisk = val }" />
-            </a-form-item>
-          </span>
-          <span v-if="!computeonly">
-            <a-form-item>
-              <a-button type="primary" @click="addDiskOffering()"> {{ $t('label.add.disk.offering') }} </a-button>
-              <a-modal
-                :visible="showDiskOfferingModal"
-                :title="$t('label.add.disk.offering')"
-                :footer="null"
-                centered
-                :closable="true"
-                @cancel="closeDiskOfferingModal"
-                width="auto">
-                <add-disk-offering @close-action="closeDiskOfferingModal()" @publish-disk-offering-id="($event) => updateSelectedDiskOffering($event)"/>
-              </a-modal>
-              <br /><br />
-              <a-form-item :label="$t('label.disk.offerings')" name="diskofferingid" ref="diskofferingid">
-                <a-select
-                  :getPopupContainer="(trigger) => trigger.parentNode"
-                  v-model:value="form.diskofferingid"
-                  :loading="loading"
-                  :placeholder="$t('label.diskoffering')">
-                  <a-select-option
-                    v-for="(offering, index) in diskOfferings"
-                    :value="offering.id"
-                    :key="index">
-                    {{ offering.displaytext || offering.name }}
-                  </a-select-option>
-                </a-select>
-              </a-form-item>
-            </a-form-item>
-          </span>
-          <a-form-item name="diskofferingstrictness" ref="diskofferingstrictness">
-            <template #label>
-              <tooltip-label :title="$t('label.diskofferingstrictness')" :tooltip="apiParams.diskofferingstrictness.description"/>
-            </template>
-            <a-switch v-model:checked="form.diskofferingstrictness" :checked="diskofferingstrictness" @change="val => { diskofferingstrictness = val }"/>
-          </a-form-item>
-        </a-card>
-        <a-form-item name="externaldetails" ref="externaldetails">
-          <template #label>
-            <tooltip-label :title="$t('label.externaldetails')" :tooltip="apiParams.externaldetails.description"/>
-          </template>
-          <a-switch v-model:checked="externalDetailsEnabled" @change="onExternalDetailsEnabledChange"/>
-          <a-card v-if="externalDetailsEnabled" style="margin-top: 10px">
-            <div style="margin-bottom: 10px">{{ $t('message.add.orchestrator.resource.details') }}</div>
-            <details-input
-              v-model:value="form.externaldetails" />
-          </a-card>
-        </a-form-item>
-      </a-form>
-      <br/>
-      <div :span="24" class="action-button">
-        <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
-        <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
-      </div>
+        :apiParams="apiParams"
+        :isSystem="isSystem"
+        :isAdmin="isAdmin"
+        :ref="formRef"
+        @submit="handleSubmit">
+        <template #form-actions>
+          <br/>
+          <div :span="24" class="action-button">
+            <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+            <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+          </div>
+        </template>
+      </ComputeOfferingForm>
     </a-spin>
   </div>
 </template>
 
 <script>
-import { ref, reactive, toRaw } from 'vue'
+import ComputeOfferingForm from '@/components/offering/ComputeOfferingForm'
+import { ref, reactive } from 'vue'
 import { getAPI, postAPI } from '@/api'
 import AddDiskOffering from '@/views/offering/AddDiskOffering'
 import { isAdmin } from '@/role'
@@ -683,6 +54,7 @@ export default {
   name: 'AddServiceOffering',
   mixins: [mixinForm],
   components: {
+    ComputeOfferingForm,
     AddDiskOffering,
     ResourceIcon,
     TooltipLabel,
@@ -882,9 +254,6 @@ export default {
         this.gpuCardLoading = false
       })
     },
-    addDiskOffering () {
-      this.showDiskOfferingModal = true
-    },
     fetchDiskOfferings () {
       this.diskOfferingLoading = true
       getAPI('listDiskOfferings', {
@@ -898,47 +267,18 @@ export default {
         this.diskOfferingLoading = false
       })
     },
-    updateSelectedDiskOffering (id) {
-      if (id) {
-        this.selectedDiskOfferingId = id
-      }
-    },
-    closeDiskOfferingModal () {
-      this.fetchDiskOfferings()
-      this.showDiskOfferingModal = false
-    },
     isAdmin () {
       return isAdmin()
     },
     isDomainAdmin () {
       return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
     },
-    getVgpuProfileDetails (vgpuProfile) {
-      let output = '('
-      if (vgpuProfile?.videoram) {
-        output += `${vgpuProfile.videoram} MB`
-      }
-      if (vgpuProfile?.maxresolutionx && vgpuProfile?.maxresolutiony) {
-        if (output !== '(') {
-          output += ', '
-        }
-        output += `${vgpuProfile.maxresolutionx}x${vgpuProfile.maxresolutiony}`
-      }
-      output += ')'
-      if (output === '()') {
-        return ''
-      }
-      return output
-    },
     checkIfDomainAdminIsAllowedToInformTag () {
       const params = { id: store.getters.userInfo.accountid }
       getAPI('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
         this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
       })
     },
-    arrayHasItems (array) {
-      return array !== null && array !== undefined && Array.isArray(array) && array.length > 0
-    },
     fetchDomainData () {
       const params = {}
       params.listAll = true
@@ -990,83 +330,13 @@ export default {
         this.deploymentPlannerLoading = false
       })
     },
-    fetchvSphereStoragePolicies (zoneIndex) {
-      if (zoneIndex === 0 || this.form.zoneid.length > 1) {
-        this.storagePolicies = null
-        return
-      }
-      const zoneid = this.zones[zoneIndex].id
-      if ('importVsphereStoragePolicies' in this.$store.getters.apis) {
-        this.storagePolicies = []
-        getAPI('listVsphereStoragePolicies', {
-          zoneid: zoneid
-        }).then(response => {
-          this.storagePolicies = response.listvspherestoragepoliciesresponse.StoragePolicy || []
-        })
-      }
-    },
-    handleStorageTypeChange (val) {
-      this.storageType = val
-    },
-    handleProvisioningTypeChange (val) {
-      this.provisioningType = val
-    },
-    handleCacheModeChange (val) {
-      this.cacheMode = val
-    },
-    handleComputeOfferingTypeChange (val) {
-      this.offeringType = val
-    },
-    handleQosTypeChange (val) {
-      this.qosType = val
-    },
-    handleDeploymentPlannerChange (planner) {
-      this.selectedDeploymentPlanner = planner
-      this.plannerModeVisible = false
-      if (this.selectedDeploymentPlanner === 'ImplicitDedicationPlanner') {
-        this.plannerModeVisible = isAdmin()
-      }
-    },
-    handlePlannerModeChange (val) {
-      this.plannerMode = val
-    },
-    handleGpuCardChange (cardId) {
-      this.selectedGpuCard = cardId
-      this.form.vgpuprofile = ''
-      if (cardId && cardId !== '') {
-        this.fetchVgpuProfiles(cardId)
-      } else {
-        this.vgpuProfiles = []
-        this.form.gpucount = '1'
-      }
-    },
-    fetchVgpuProfiles (gpuCardId) {
-      this.vgpuProfileLoading = true
-      this.vgpuProfiles = []
-      getAPI('listVgpuProfiles', {
-        gpucardid: gpuCardId
-      }).then(json => {
-        this.vgpuProfiles = json.listvgpuprofilesresponse.vgpuprofile || []
-        this.form.vgpuprofile = this.vgpuProfiles.length > 0 ? this.vgpuProfiles[0].id : ''
-      }).catch(error => {
-        console.error('Error fetching vGPU profiles:', error)
-        this.vgpuProfiles = []
-      }).finally(() => {
-        this.vgpuProfileLoading = false
-      })
-    },
-    onExternalDetailsEnabledChange (val) {
-      if (val || !this.form.externaldetails) {
-        return
-      }
-      this.form.externaldetails = undefined
-    },
     handleSubmit (e) {
-      e.preventDefault()
+      if (e && e.preventDefault) {
+        e.preventDefault()
+      }
       if (this.loading) return
-      this.formRef.value.validate().then(() => {
-        const formRaw = toRaw(this.form)
-        const values = this.handleRemoveFields(formRaw)
+
+      this.formRef.value.validate().then((values) => {
         var params = {
           issystem: this.isSystem,
           name: values.name,
@@ -1089,7 +359,6 @@ export default {
           params.diskofferingid = values.diskofferingid
         }
 
-        // Add GPU parameters
         if (values.vgpuprofile) {
           params.vgpuprofileid = values.vgpuprofile
         }
@@ -1100,17 +369,16 @@ export default {
           params.gpudisplay = values.gpudisplay
         }
 
-        // custom fields (begin)
         if (values.offeringtype === 'fixed') {
           params.cpunumber = values.cpunumber
           params.cpuspeed = values.cpuspeed
           params.memory = values.memory
         } else {
           if (values.cpuspeed != null &&
-              values.mincpunumber != null &&
-              values.maxcpunumber != null &&
-              values.minmemory != null &&
-              values.maxmemory != null) {
+             values.mincpunumber != null &&
+             values.maxcpunumber != null &&
+             values.minmemory != null &&
+             values.maxmemory != null) {
             params.cpuspeed = values.cpuspeed
             params.mincpunumber = values.mincpunumber
             params.maxcpunumber = values.maxcpunumber
@@ -1118,7 +386,6 @@ export default {
             params.maxmemory = values.maxmemory
           }
         }
-        // custom fields (end)
 
         if (values.networkrate != null && values.networkrate.length > 0) {
           params.networkrate = values.networkrate
@@ -1137,7 +404,7 @@ export default {
               params.maxiops = values.diskiopsmax
             }
             if (values.hypervisorsnapshotreserve !== undefined &&
-              values.hypervisorsnapshotreserve != null && values.hypervisorsnapshotreserve.length > 0) {
+             values.hypervisorsnapshotreserve != null && values.hypervisorsnapshotreserve.length > 0) {
               params.hypervisorsnapshotreserve = values.hypervisorsnapshotreserve
             }
           }
@@ -1163,15 +430,15 @@ export default {
           params.hosttags = values.hosttags
         }
         if ('deploymentplanner' in values &&
-          values.deploymentplanner !== undefined &&
-          values.deploymentplanner != null && values.deploymentplanner.length > 0) {
+         values.deploymentplanner !== undefined &&
+         values.deploymentplanner != null && values.deploymentplanner.length > 0) {
           params.deploymentplanner = values.deploymentplanner
         }
         if ('deploymentplanner' in values &&
-          values.deploymentplanner !== undefined &&
-          values.deploymentplanner === 'ImplicitDedicationPlanner' &&
-          values.plannermode !== undefined &&
-          values.plannermode !== '') {
+         values.deploymentplanner !== undefined &&
+         values.deploymentplanner === 'ImplicitDedicationPlanner' &&
+         values.plannermode !== undefined &&
+         values.plannermode !== '') {
           params['serviceofferingdetails[0].key'] = 'ImplicitDedicationMode'
           params['serviceofferingdetails[0].value'] = values.plannermode
         }
@@ -1247,17 +514,6 @@ export default {
         return Promise.reject(this.$t('message.error.number'))
       }
       return Promise.resolve()
-    },
-    onToggleLeaseData () {
-      if (this.showLeaseOptions === false) {
-        this.leaseduration = undefined
-        this.leaseexpiryaction = undefined
-      } else {
-        this.leaseduration = this.leaseduration !== undefined ? this.leaseduration : this.defaultLeaseDuration
-        this.leaseexpiryaction = this.leaseexpiryaction !== undefined ? this.leaseexpiryaction : this.defaultLeaseExpiryAction
-      }
-      this.form.leaseduration = this.leaseduration
-      this.form.leaseexpiryaction = this.leaseexpiryaction
     }
   }
 }
diff --git a/ui/src/views/offering/AddDiskOffering.vue b/ui/src/views/offering/AddDiskOffering.vue
index bfdd778d4493..0013425d106d 100644
--- a/ui/src/views/offering/AddDiskOffering.vue
+++ b/ui/src/views/offering/AddDiskOffering.vue
@@ -18,485 +18,57 @@
 <template>
   <div class="form-layout" v-ctrl-enter="handleSubmit">
     <a-spin :spinning="loading">
-      <a-form
-        :ref="formRef"
-        :model="form"
-        :rules="rules"
-        @finish="handleSubmit"
-        layout="vertical"
-       >
-        <a-form-item name="name" ref="name">
-          <template #label>
-            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
-          </template>
-          <a-input
-            v-focus="true"
-            v-model:value="form.name"
-            :placeholder="apiParams.name.description"/>
-        </a-form-item>
-        <a-form-item name="displaytext" ref="displaytext">
-          <template #label>
-            <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
-          </template>
-          <a-input
-            v-model:value="form.displaytext"
-            :placeholder="apiParams.displaytext.description"/>
-        </a-form-item>
-        <a-form-item name="storagetype" ref="storagetype">
-          <template #label>
-            <tooltip-label :title="$t('label.storagetype')" :tooltip="apiParams.storagetype.description"/>
-          </template>
-          <a-radio-group
-            v-model:value="form.storagetype"
-            buttonStyle="solid">
-            <a-radio-button value="shared">
-              {{ $t('label.shared') }}
-            </a-radio-button>
-            <a-radio-button value="local">
-              {{ $t('label.local') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-form-item name="provisioningtype" ref="provisioningtype">
-          <template #label>
-            <tooltip-label :title="$t('label.provisioningtype')" :tooltip="apiParams.provisioningtype.description"/>
-          </template>
-          <a-radio-group
-            v-model:value="form.provisioningtype"
-            buttonStyle="solid">
-            <a-radio-button value="thin">
-              {{ $t('label.provisioningtype.thin') }}
-            </a-radio-button>
-            <a-radio-button value="sparse">
-              {{ $t('label.provisioningtype.sparse') }}
-            </a-radio-button>
-            <a-radio-button value="fat">
-              {{ $t('label.provisioningtype.fat') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-form-item name="encryptdisk" ref="encryptdisk">
-          <template #label>
-            <tooltip-label :title="$t('label.encrypt')" :tooltip="apiParams.encrypt.description" />
-          </template>
-          <a-switch v-model:checked="form.encryptdisk" :checked="encryptdisk" @change="val => { encryptdisk = val }" />
-        </a-form-item>
-        <a-form-item name="disksizestrictness" ref="disksizestrictness">
-          <template #label>
-            <tooltip-label :title="$t('label.disksizestrictness')" :tooltip="apiParams.disksizestrictness.description" />
-          </template>
-          <a-switch v-model:checked="form.disksizestrictness" :checked="disksizestrictness" @change="val => { disksizestrictness = val }" />
-        </a-form-item>
-        <a-form-item name="customdisksize" ref="customdisksize">
-          <template #label>
-            <tooltip-label :title="$t('label.customdisksize')" :tooltip="apiParams.customized.description"/>
-          </template>
-          <a-switch v-model:checked="form.customdisksize" />
-        </a-form-item>
-        <a-form-item v-if="!form.customdisksize" name="disksize" ref="disksize">
-          <template #label>
-            <tooltip-label :title="$t('label.disksize')" :tooltip="apiParams.disksize.description"/>
-          </template>
-          <a-input
-            v-model:value="form.disksize"
-            :placeholder="apiParams.disksize.description"/>
-        </a-form-item>
-        <a-form-item name="qostype" ref="qostype" :label="$t('label.qostype')">
-          <a-radio-group
-            v-model:value="form.qostype"
-            buttonStyle="solid">
-            <a-radio-button value="">
-              {{ $t('label.none') }}
-            </a-radio-button>
-            <a-radio-button value="hypervisor">
-              {{ $t('label.hypervisor') }}
-            </a-radio-button>
-            <a-radio-button value="storage">
-              {{ $t('label.storage') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbytesreadrate" ref="diskbytesreadrate">
-          <template #label>
-            <tooltip-label :title="$t('label.diskbytesreadrate')" :tooltip="apiParams.bytesreadrate.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskbytesreadrate"
-            :placeholder="apiParams.bytesreadrate.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbytesreadratemax" ref="diskbytesreadratemax">
-          <template #label>
-            <tooltip-label :title="$t('label.diskbytesreadratemax')" :tooltip="apiParams.bytesreadratemax.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskbytesreadratemax"
-            :placeholder="apiParams.bytesreadratemax.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbyteswriterate" ref="diskbyteswriterate">
-          <template #label>
-            <tooltip-label :title="$t('label.diskbyteswriterate')" :tooltip="apiParams.byteswriterate.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskbyteswriterate"
-            :placeholder="apiParams.byteswriterate.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskbyteswriteratemax" ref="diskbyteswriteratemax">
-          <template #label>
-            <tooltip-label :title="$t('label.diskbyteswriteratemax')" :tooltip="apiParams.byteswriteratemax.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskbyteswriteratemax"
-            :placeholder="apiParams.byteswriteratemax.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskiopsreadrate" ref="diskiopsreadrate">
-          <template #label>
-            <tooltip-label :title="$t('label.diskiopsreadrate')" :tooltip="apiParams.iopsreadrate.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskiopsreadrate"
-            :placeholder="apiParams.iopsreadrate.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'hypervisor'" name="diskiopswriterate" ref="diskiopswriterate">
-          <template #label>
-            <tooltip-label :title="$t('label.diskiopswriterate')" :tooltip="apiParams.iopswriterate.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskiopswriterate"
-            :placeholder="apiParams.iopswriterate.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'storage'" name="iscustomizeddiskiops" ref="iscustomizeddiskiops">
-          <template #label>
-            <tooltip-label :title="$t('label.iscustomizeddiskiops')" :tooltip="apiParams.customizediops.description"/>
-          </template>
-          <a-switch v-model:checked="form.iscustomizeddiskiops" />
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'storage' && !form.iscustomizeddiskiops" name="diskiopsmin" ref="diskiopsmin">
-          <template #label>
-            <tooltip-label :title="$t('label.diskiopsmin')" :tooltip="apiParams.miniops.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskiopsmin"
-            :placeholder="apiParams.miniops.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'storage' && !form.iscustomizeddiskiops" name="diskiopsmax" ref="diskiopsmax">
-          <template #label>
-            <tooltip-label :title="$t('label.diskiopsmax')" :tooltip="apiParams.maxiops.description"/>
-          </template>
-          <a-input
-            v-model:value="form.diskiopsmax"
-            :placeholder="apiParams.maxiops.description"/>
-        </a-form-item>
-        <a-form-item v-if="form.qostype === 'storage'" name="hypervisorsnapshotreserve" ref="hypervisorsnapshotreserve">
-          <template #label>
-            <tooltip-label :title="$t('label.hypervisorsnapshotreserve')" :tooltip="apiParams.hypervisorsnapshotreserve.description"/>
-          </template>
-          <a-input
-            v-model:value="form.hypervisorsnapshotreserve"
-            :placeholder="apiParams.hypervisorsnapshotreserve.description"/>
-        </a-form-item>
-        <a-form-item name="writecachetype" ref="writecachetype">
-          <template #label>
-            <tooltip-label :title="$t('label.writecachetype')" :tooltip="apiParams.cachemode.description"/>
-          </template>
-          <a-radio-group
-            v-model:value="form.writecachetype"
-            buttonStyle="solid"
-            @change="selected => { handleWriteCacheTypeChange(selected.target.value) }">
-            <a-radio-button value="none">
-              {{ $t('label.nodiskcache') }}
-            </a-radio-button>
-            <a-radio-button value="writeback">
-              {{ $t('label.writeback') }}
-            </a-radio-button>
-            <a-radio-button value="writethrough">
-              {{ $t('label.writethrough') }}
-            </a-radio-button>
-            <a-radio-button value="hypervisor_default">
-              {{ $t('label.hypervisor.default') }}
-            </a-radio-button>
-          </a-radio-group>
-        </a-form-item>
-        <a-form-item v-if="isAdmin() || isDomainAdminAllowedToInformTags" name="tags" ref="tags">
-          <template #label>
-            <tooltip-label :title="$t('label.storagetags')" :tooltip="apiParams.tags.description"/>
-          </template>
-          <a-select
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            mode="tags"
-            v-model:value="form.tags"
-            showSearch
-            optionFilterProp="value"
-            :filterOption="(input, option) => {
-              return option.value.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="storageTagLoading"
-            :placeholder="apiParams.tags.description"
-            v-if="isAdmin() || isDomainAdminAllowedToInformTags">
-            <a-select-option v-for="(opt) in storageTags" :key="opt">
-              {{ opt }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item :label="$t('label.ispublic')" v-show="isAdmin()" name="ispublic" ref="ispublic">
-          <a-switch v-model:checked="form.ispublic" @change="val => { isPublic = val }" />
-        </a-form-item>
-        <a-form-item v-if="!isPublic" name="domainid" ref="domainid">
-          <template #label>
-            <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
-          </template>
-          <a-select
-            mode="multiple"
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.domainid"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            :loading="domainLoading"
-            :placeholder="apiParams.domainid.description">
-            <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
-              <span>
-                <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
-                <block-outlined v-else style="margin-right: 5px" />
-                {{ opt.path || opt.name || opt.description }}
-              </span>
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item name="zoneid" ref="zoneid">
-          <template #label>
-            <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
-          </template>
-          <a-select
-            id="zone-selection"
-            mode="multiple"
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.zoneid"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }"
-            @select="val => fetchvSphereStoragePolicies(val)"
-            :loading="zoneLoading"
-            :placeholder="apiParams.zoneid.description">
-            <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
-              <span>
-                <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
-                <global-outlined v-else style="margin-right: 5px"/>
-                {{ opt.name || opt.description }}
-              </span>
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-        <a-form-item v-if="'listVsphereStoragePolicies' in $store.getters.apis && storagePolicies !== null" name="storagepolicy" ref="storagepolicy">
-          <template #label>
-            <tooltip-label :title="$t('label.vmware.storage.policy')" :tooltip="apiParams.storagepolicy.description"/>
-          </template>
-          <a-select
-            :getPopupContainer="(trigger) => trigger.parentNode"
-            v-model:value="form.storagepolicy"
-            :placeholder="apiParams.storagepolicy.description"
-            showSearch
-            optionFilterProp="label"
-            :filterOption="(input, option) => {
-              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
-            }" >
-            <a-select-option v-for="policy in storagePolicies" :key="policy.id" :label="policy.name || policy.id || ''">
-              {{ policy.name || policy.id }}
-            </a-select-option>
-          </a-select>
-        </a-form-item>
-      </a-form>
-      <div :span="24" class="action-button">
-        <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
-        <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
-      </div>
+      <DiskOfferingForm
+        ref="formRef"
+        :initialValues="form"
+        :apiParams="apiParams"
+        :isAdmin="isAdmin"
+        @submit="handleSubmit">
+        <template #form-actions>
+          <div :span="24" class="action-button">
+            <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+            <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+          </div>
+        </template>
+      </DiskOfferingForm>
     </a-spin>
   </div>
 </template>
 
 <script>
-import { getAPI, postAPI } from '@/api'
-import { reactive, ref, toRaw } from 'vue'
+import DiskOfferingForm from '@/components/offering/DiskOfferingForm'
+import { reactive } from 'vue'
+import { postAPI } from '@/api'
 import { isAdmin } from '@/role'
-import { mixinForm } from '@/utils/mixin'
-import ResourceIcon from '@/components/view/ResourceIcon'
-import TooltipLabel from '@/components/widgets/TooltipLabel'
-import store from '@/store'
 
 export default {
   name: 'AddDiskOffering',
-  mixins: [mixinForm],
   components: {
-    ResourceIcon,
-    TooltipLabel
+    DiskOfferingForm
   },
   data () {
     return {
-      selectedDomains: [],
-      storageTags: [],
-      storagePolicies: null,
-      storageTagLoading: false,
-      isPublic: true,
-      isEncrypted: false,
-      domains: [],
-      domainLoading: false,
-      zones: [],
-      zoneLoading: false,
-      loading: false,
-      disksizestrictness: false,
-      encryptdisk: false,
-      isDomainAdminAllowedToInformTags: false
+      formRef: null,
+      form: reactive({}),
+      loading: false
     }
   },
   beforeCreate () {
     this.apiParams = this.$getApiParams('createDiskOffering')
   },
   created () {
-    this.zones = [
-      {
-        id: null,
-        name: this.$t('label.all.zone')
-      }
-    ]
-    this.isPublic = isAdmin()
-    this.initForm()
-    this.fetchData()
   },
   methods: {
-    initForm () {
-      this.formRef = ref()
-      this.form = reactive({
-        storagetype: 'shared',
-        provisioningtype: 'thin',
-        customdisksize: true,
-        writecachetype: 'none',
-        qostype: '',
-        ispublic: this.isPublic,
-        disksizestrictness: this.disksizestrictness,
-        encryptdisk: this.encryptdisk
-      })
-      this.rules = reactive({
-        name: [{ required: true, message: this.$t('message.error.required.input') }],
-        disksize: [
-          { required: true, message: this.$t('message.error.required.input') },
-          { type: 'number', validator: this.validateNumber }
-        ],
-        diskbytesreadrate: [{ type: 'number', validator: this.validateNumber }],
-        diskbytesreadratemax: [{ type: 'number', validator: this.validateNumber }],
-        diskbyteswriterate: [{ type: 'number', validator: this.validateNumber }],
-        diskbyteswriteratemax: [{ type: 'number', validator: this.validateNumber }],
-        diskiopsreadrate: [{ type: 'number', validator: this.validateNumber }],
-        diskiopswriterate: [{ type: 'number', validator: this.validateNumber }],
-        diskiopsmin: [{ type: 'number', validator: this.validateNumber }],
-        diskiopsmax: [{ type: 'number', validator: this.validateNumber }],
-        hypervisorsnapshotreserve: [{ type: 'number', validator: this.validateNumber }],
-        domainid: [{ type: 'array', required: true, message: this.$t('message.error.select') }],
-        zoneid: [{
-          type: 'array',
-          validator: async (rule, value) => {
-            if (value && value.length > 1 && value.indexOf(0) !== -1) {
-              return Promise.reject(this.$t('message.error.zone.combined'))
-            }
-            return Promise.resolve()
-          }
-        }]
-      })
-    },
-    handleWriteCacheTypeChange (val) {
-      this.form.writeCacheType = val
-    },
-    fetchData () {
-      this.fetchDomainData()
-      this.fetchZoneData()
-      if (isAdmin()) {
-        this.fetchStorageTagData()
-      }
-      if (this.isDomainAdmin()) {
-        this.checkIfDomainAdminIsAllowedToInformTag()
-        if (this.isDomainAdminAllowedToInformTags) {
-          this.fetchStorageTagData()
-        }
-      }
-    },
-    isDomainAdmin () {
-      return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
-    },
     isAdmin () {
       return isAdmin()
     },
-    checkIfDomainAdminIsAllowedToInformTag () {
-      const params = { id: store.getters.userInfo.accountid }
-      getAPI('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
-        this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
-      })
-    },
-    arrayHasItems (array) {
-      return array !== null && array !== undefined && Array.isArray(array) && array.length > 0
-    },
-    fetchDomainData () {
-      const params = {}
-      params.listAll = true
-      params.showicon = true
-      params.details = 'min'
-      this.domainLoading = true
-      getAPI('listDomains', params).then(json => {
-        const listDomains = json.listdomainsresponse.domain
-        this.domains = this.domains.concat(listDomains)
-      }).finally(() => {
-        this.domainLoading = false
-      })
-    },
-    fetchZoneData () {
-      const params = {}
-      params.showicon = true
-      this.zoneLoading = true
-      getAPI('listZones', params).then(json => {
-        const listZones = json.listzonesresponse.zone
-        if (listZones) {
-          this.zones = this.zones.concat(listZones)
-        }
-      }).finally(() => {
-        this.zoneLoading = false
-      })
-    },
-    fetchStorageTagData () {
-      const params = {}
-      this.storageTagLoading = true
-      getAPI('listStorageTags', params).then(json => {
-        const tags = json.liststoragetagsresponse.storagetag || []
-        for (const tag of tags) {
-          if (!this.storageTags.includes(tag.name)) {
-            this.storageTags.push(tag.name)
-          }
-        }
-      }).finally(() => {
-        this.storageTagLoading = false
-      })
-    },
-    fetchvSphereStoragePolicies (zoneIndex) {
-      if (zoneIndex === 0 || this.form.zoneid.length > 1) {
-        this.storagePolicies = null
-        return
-      }
-      const zoneid = this.zones[zoneIndex].id
-      if ('importVsphereStoragePolicies' in this.$store.getters.apis) {
-        this.storagePolicies = []
-        getAPI('listVsphereStoragePolicies', {
-          zoneid: zoneid
-        }).then(response => {
-          this.storagePolicies = response.listvspherestoragepoliciesresponse.StoragePolicy || []
-        })
-      }
-    },
     handleSubmit (e) {
-      e.preventDefault()
+      if (e && e.preventDefault) {
+        e.preventDefault()
+      }
       if (this.loading) return
-      this.formRef.value.validate().then(() => {
-        const formRaw = toRaw(this.form)
-        const values = this.handleRemoveFields(formRaw)
+
+      this.$refs.formRef.validate().then((values) => {
         var params = {
           name: values.name,
           displaytext: values.displaytext,
@@ -553,8 +125,9 @@ export default {
           var domainId = null
           if (domainIndexes && domainIndexes.length > 0) {
             var domainIds = []
+            const domains = this.$refs.formRef.domains
             for (var i = 0; i < domainIndexes.length; i++) {
-              domainIds = domainIds.concat(this.domains[domainIndexes[i]].id)
+              domainIds.push(domains[domainIndexes[i]].id)
             }
             domainId = domainIds.join(',')
           }
@@ -566,8 +139,9 @@ export default {
         var zoneId = null
         if (zoneIndexes && zoneIndexes.length > 0) {
           var zoneIds = []
+          const zones = this.$refs.formRef.zones
           for (var j = 0; j < zoneIndexes.length; j++) {
-            zoneIds = zoneIds.concat(this.zones[zoneIndexes[j]].id)
+            zoneIds.push(zones[zoneIndexes[j]].id)
           }
           zoneId = zoneIds.join(',')
         }
@@ -577,6 +151,8 @@ export default {
         if (values.storagepolicy) {
           params.storagepolicy = values.storagepolicy
         }
+
+        this.loading = true
         postAPI('createDiskOffering', params).then(json => {
           this.$emit('publish-disk-offering-id', json?.creatediskofferingresponse?.diskoffering?.id)
           this.$message.success(`${this.$t('message.disk.offering.created')} ${values.name}`)
@@ -591,12 +167,6 @@ export default {
     },
     closeAction () {
       this.$emit('close-action')
-    },
-    async validateNumber (rule, value) {
-      if (value && (isNaN(value) || value <= 0)) {
-        return Promise.reject(this.$t('message.error.number'))
-      }
-      return Promise.resolve()
     }
   }
 }
diff --git a/ui/src/views/offering/AddNetworkOffering.vue b/ui/src/views/offering/AddNetworkOffering.vue
index abb70abda27a..d1bbb0f7304f 100644
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@@ -588,6 +588,7 @@ import { mixinForm } from '@/utils/mixin'
 import CheckBoxSelectPair from '@/components/CheckBoxSelectPair'
 import ResourceIcon from '@/components/view/ResourceIcon'
 import TooltipLabel from '@/components/widgets/TooltipLabel'
+import { buildServiceCapabilityParams } from '@/composables/useServiceCapabilityParams'
 
 export default {
   name: 'AddNetworkOffering',
@@ -1173,99 +1174,7 @@ export default {
           }
         }
         if (this.selectedServiceProviderMap != null) {
-          var supportedServices = Object.keys(this.selectedServiceProviderMap)
-          params.supportedservices = supportedServices.join(',')
-          for (var k in supportedServices) {
-            params['serviceProviderList[' + k + '].service'] = supportedServices[k]
-            params['serviceProviderList[' + k + '].provider'] = this.selectedServiceProviderMap[supportedServices[k]]
-          }
-          var serviceCapabilityIndex = 0
-          if (supportedServices.includes('Connectivity')) {
-            if (values.supportsstrechedl2subnet === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Connectivity'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RegionLevelVpc'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            if (values.supportspublicaccess === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Connectivity'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'DistributedRouter'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            delete params.supportsstrechedl2subnet
-            delete params.supportspublicaccess
-          }
-          if (supportedServices.includes('SourceNat')) {
-            if (values.redundantroutercapability === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'SupportedSourceNatTypes'
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.sourcenattype
-            serviceCapabilityIndex++
-            delete params.redundantroutercapability
-            delete params.sourcenattype
-          } else if (values.redundantroutercapability === true) {
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Gateway'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-          }
-          if (supportedServices.includes('SourceNat')) {
-            if (values.elasticip === true) {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'StaticNat'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'ElasticIp'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            if (values.elasticip === true || values.associatepublicip === true) {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'StaticNat'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'associatePublicIP'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.associatepublicip
-              serviceCapabilityIndex++
-            }
-            delete params.elasticip
-            delete params.associatepublicip
-          }
-          if (supportedServices.includes('Lb')) {
-            if ('vmautoscalingcapability' in values) {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'lb'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'VmAutoScaling'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.vmautoscalingcapability
-              serviceCapabilityIndex++
-            }
-            if (values.elasticlb === true) {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'lb'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'ElasticLb'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            if (values.inlinemode === true && ((this.selectedServiceProviderMap.Lb === 'F5BigIp') || (this.selectedServiceProviderMap.Lb === 'Netscaler'))) {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'lb'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'InlineMode'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.inlinemode
-              serviceCapabilityIndex++
-            }
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'lb'
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'SupportedLbIsolation'
-            params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.isolation
-            serviceCapabilityIndex++
-            if (this.selectedServiceProviderMap.Lb === 'InternalLbVm') {
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'lb'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'lbSchemes'
-              params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = 'internal'
-              serviceCapabilityIndex++
-            }
-            if ('netscalerservicepackages' in values &&
-              this.registeredServicePackages.length > values.netscalerservicepackages &&
-              'netscalerservicepackagesdescription' in values) {
-              params['details[' + 0 + '].servicepackageuuid'] = this.registeredServicePackages[values.netscalerservicepackages].id
-              params['details[' + 1 + '].servicepackagedescription'] = values.netscalerservicepackagesdescription
-            }
-          }
+          buildServiceCapabilityParams(params, values, this.selectedServiceProviderMap, this.registeredServicePackages)
         } else {
           if (!('supportedservices' in params)) {
             params.supportedservices = ''
diff --git a/ui/src/views/offering/AddVpcOffering.vue b/ui/src/views/offering/AddVpcOffering.vue
index 32aa3e8d3583..509109c91c26 100644
--- a/ui/src/views/offering/AddVpcOffering.vue
+++ b/ui/src/views/offering/AddVpcOffering.vue
@@ -194,6 +194,14 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item
+          name="conservemode"
+          ref="conservemode">
+          <template #label>
+            <tooltip-label :title="$t('label.conservemode')" :tooltip="apiParams.conservemode.description"/>
+          </template>
+          <a-switch v-model:checked="form.conservemode" />
+        </a-form-item>
         <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
           <a-switch v-model:checked="form.ispublic" />
         </a-form-item>
@@ -269,6 +277,7 @@ import { mixinForm } from '@/utils/mixin'
 import CheckBoxSelectPair from '@/components/CheckBoxSelectPair'
 import ResourceIcon from '@/components/view/ResourceIcon'
 import TooltipLabel from '@/components/widgets/TooltipLabel'
+import { buildVpcServiceCapabilityParams } from '@/composables/useServiceCapabilityParams'
 
 export default {
   name: 'AddVpcOffering',
@@ -282,7 +291,6 @@ export default {
     return {
       selectedDomains: [],
       selectedZones: [],
-      isConserveMode: true,
       internetProtocolValue: 'ipv4',
       domains: [],
       domainLoading: false,
@@ -328,7 +336,8 @@ export default {
         description: 'Netris',
         enabled: true
       },
-      nsxSupportedServicesMap: {}
+      nsxSupportedServicesMap: {},
+      conservemode: false
     }
   },
   beforeCreate () {
@@ -719,6 +728,7 @@ export default {
           params.provider = 'Netris'
         }
         params.networkmode = values.networkmode
+        params.conservemode = values.conservemode
         if (!values.forVpc) {
           params.specifyasnumber = values.specifyasnumber
         }
@@ -733,35 +743,7 @@ export default {
             params['serviceProviderList[' + k + '].service'] = supportedServices[k]
             params['serviceProviderList[' + k + '].provider'] = this.selectedServiceProviderMap[supportedServices[k]]
           }
-          var serviceCapabilityIndex = 0
-          if (supportedServices.includes('Connectivity')) {
-            if (values.regionlevelvpc === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Connectivity'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RegionLevelVpc'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            if (values.distributedrouter === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Connectivity'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'DistributedRouter'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-          }
-          if (supportedServices.includes('SourceNat') && values.redundantrouter === true) {
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-            serviceCapabilityIndex++
-          } else if (values.redundantrouter === true) {
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'Gateway'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-            serviceCapabilityIndex++
-          }
-          if (values.serviceofferingid && this.isVpcVirtualRouterForAtLeastOneService) {
-            params.serviceofferingid = values.serviceofferingid
-          }
+          buildVpcServiceCapabilityParams(params, values, this.selectedServiceProviderMap, this.isVpcVirtualRouterForAtLeastOneService)
         } else {
           params.supportedservices = []
         }
diff --git a/ui/src/views/offering/CloneBackupOffering.vue b/ui/src/views/offering/CloneBackupOffering.vue
new file mode 100644
index 000000000000..c489286ce6c2
--- /dev/null
+++ b/ui/src/views/offering/CloneBackupOffering.vue
@@ -0,0 +1,432 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-alert
+        v-if="resource"
+        type="info"
+        style="margin-bottom: 16px">
+        <template #message>
+          <div style="display: block; width: 100%;">
+            <div style="display: block; margin-bottom: 8px;">
+              <strong>{{ $t('message.clone.offering.from') }}: {{ resource.name }}</strong>
+            </div>
+            <div style="display: block; font-size: 12px;">
+              {{ $t('message.clone.offering.edit.hint') }}
+            </div>
+          </div>
+        </template>
+      </a-alert>
+      <a-form
+        layout="vertical"
+        :ref="formRef"
+        :model="form"
+        :rules="rules"
+        @finish="handleSubmit"
+       >
+        <a-form-item name="name" ref="name">
+          <template #label>
+            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+          </template>
+          <a-input
+            v-focus="true"
+            v-model:value="form.name"/>
+        </a-form-item>
+        <a-form-item name="description" ref="description">
+          <template #label>
+            <tooltip-label :title="$t('label.description')" :tooltip="apiParams.description.description"/>
+          </template>
+          <a-input v-model:value="form.description"/>
+        </a-form-item>
+        <a-form-item name="zoneid" ref="zoneid">
+          <template #label>
+            <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid ? apiParams.zoneid.description : ''"/>
+          </template>
+          <a-select
+            allowClear
+            v-model:value="form.zoneid"
+            :loading="zones.loading"
+            @change="onChangeZone"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }" >
+            <a-select-option v-for="zone in zones.opts" :key="zone.name" :label="zone.name">
+              <span>
+                <resource-icon v-if="zone.icon" :image="zone.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <global-outlined v-else style="margin-right: 5px"/>
+                {{ zone.name }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="externalid" ref="externalid">
+          <template #label>
+            <tooltip-label :title="$t('label.externalid')" :tooltip="apiParams.externalid ? apiParams.externalid.description : ''"/>
+          </template>
+          <a-select
+            allowClear
+            v-model:value="form.externalid"
+            :loading="externals.loading"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }" >
+            <a-select-option v-for="opt in externals.opts" :key="opt.id" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="allowuserdrivenbackups" ref="allowuserdrivenbackups">
+          <template #label>
+            <tooltip-label :title="$t('label.allowuserdrivenbackups')" :tooltip="apiParams.allowuserdrivenbackups ? apiParams.allowuserdrivenbackups.description : ''"/>
+          </template>
+          <a-switch v-model:checked="form.allowuserdrivenbackups"/>
+        </a-form-item>
+        <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
+          <a-switch v-model:checked="form.ispublic" @change="onChangeIsPublic" />
+        </a-form-item>
+        <a-form-item name="domainid" ref="domainid" v-if="!form.ispublic">
+          <template #label>
+            <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
+          </template>
+          <a-select
+            mode="multiple"
+            :getPopupContainer="(trigger) => trigger.parentNode"
+            v-model:value="form.domainid"
+            @change="onChangeDomain"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="domains.loading"
+            :placeholder="apiParams.domainid.description">
+            <a-select-option v-for="(opt, optIndex) in domains.opts" :key="optIndex" :label="opt.path || opt.name || opt.description">
+              <span>
+                <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <block-outlined v-else style="margin-right: 5px" />
+                {{ opt.path || opt.name || opt.description }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <div :span="24" class="action-button">
+          <a-button :loading="loading" @click="closeAction">{{ $t('label.cancel') }}</a-button>
+          <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+        </div>
+      </a-form>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { getAPI, postAPI } from '@/api'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import { GlobalOutlined } from '@ant-design/icons-vue'
+import { isAdmin } from '@/role'
+
+export default {
+  name: 'CloneBackupOffering',
+  components: {
+    TooltipLabel,
+    ResourceIcon,
+    GlobalOutlined
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      loading: false,
+      zones: {
+        loading: false,
+        opts: []
+      },
+      externals: {
+        loading: false,
+        opts: []
+      },
+      domains: {
+        loading: false,
+        opts: []
+      }
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('cloneBackupOffering')
+  },
+  created () {
+    this.initForm()
+    this.fetchData()
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({
+        allowuserdrivenbackups: true
+      })
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.required.input') }],
+        description: [{ required: true, message: this.$t('message.error.required.input') }]
+      })
+    },
+    fetchData () {
+      this.fetchZone()
+      this.fetchDomain()
+      this.$nextTick(() => {
+        this.populateFormFromResource()
+      })
+    },
+    fetchZone () {
+      this.zones.loading = true
+      getAPI('listZones', { available: true, showicon: true }).then(json => {
+        this.zones.opts = json.listzonesresponse.zone || []
+        this.$nextTick(() => {
+          this.populateFormFromResource()
+        })
+      }).catch(error => {
+        this.$notifyError(error)
+      }).finally(() => {
+        this.zones.loading = false
+      })
+    },
+    fetchDomain () {
+      this.domains.loading = true
+      const params = { listAll: true, showicon: true, details: 'min' }
+      getAPI('listDomains', params).then(json => {
+        this.domains.opts = json.listdomainsresponse.domain || []
+        this.$nextTick(() => {
+          this.populateFormFromResource()
+        })
+      }).catch(error => {
+        this.$notifyError(error)
+      }).finally(() => {
+        this.domains.loading = false
+      })
+    },
+    fetchExternal (zoneId) {
+      if (!zoneId) {
+        this.externals.opts = []
+        return
+      }
+      this.externals.loading = true
+      getAPI('listBackupProviderOfferings', { zoneid: zoneId }).then(json => {
+        this.externals.opts = json.listbackupproviderofferingsresponse.backupoffering || []
+      }).catch(error => {
+        this.$notifyError(error)
+      }).finally(() => {
+        this.externals.loading = false
+      })
+    },
+    populateFormFromResource () {
+      if (!this.resource) return
+
+      const r = this.resource
+
+      this.form.name = r.name + ' - Clone'
+      this.form.description = r.description || r.name
+
+      if (r.allowuserdrivenbackups !== undefined) {
+        this.form.allowuserdrivenbackups = r.allowuserdrivenbackups
+      }
+
+      if (r.domainid) {
+        let offeringDomainIds = r.domainid
+        offeringDomainIds = (typeof offeringDomainIds === 'string' && offeringDomainIds.indexOf(',') !== -1) ? offeringDomainIds.split(',') : [offeringDomainIds]
+        const selected = []
+        for (let i = 0; i < offeringDomainIds.length; i++) {
+          for (let j = 0; j < this.domains.opts.length; j++) {
+            if (String(offeringDomainIds[i]) === String(this.domains.opts[j].id)) {
+              selected.push(j)
+            }
+          }
+        }
+        if (selected.length > 0) {
+          this.form.ispublic = false
+          this.form.domainid = selected
+        }
+      } else {
+        if (isAdmin()) {
+          this.form.ispublic = true
+        }
+      }
+
+      if (r.zoneid && this.zones.opts.length > 0) {
+        const zone = this.zones.opts.find(z => z.id === r.zoneid)
+        if (zone) {
+          this.form.zoneid = zone.name
+          this.fetchExternal(zone.id)
+        }
+      }
+
+      if (r.externalid) {
+        this.$nextTick(() => {
+          this.form.externalid = r.externalid
+        })
+      }
+    },
+    handleSubmit (e) {
+      if (e) {
+        e.preventDefault()
+      }
+      if (this.loading) return
+
+      this.formRef.value.validate().then(() => {
+        const values = toRaw(this.form)
+        const params = {
+          sourceofferingid: this.resource.id
+        }
+
+        if (values.name) {
+          params.name = values.name
+        }
+
+        if (values.description) {
+          params.description = values.description
+        }
+
+        if (values.zoneid) {
+          const zone = this.zones.opts.find(z => z.name === values.zoneid)
+          if (zone) {
+            params.zoneid = zone.id
+          }
+        }
+
+        if (values.externalid) {
+          params.externalid = values.externalid
+        }
+
+        if (values.allowuserdrivenbackups !== undefined) {
+          params.allowuserdrivenbackups = values.allowuserdrivenbackups
+        }
+
+        // Include selected domain IDs when offering is not public
+        if (values.ispublic !== true) {
+          const domainIndexes = values.domainid
+          let domainId = null
+          if (domainIndexes && domainIndexes.length > 0) {
+            const domainIds = []
+            const domains = this.domains.opts
+            for (let i = 0; i < domainIndexes.length; i++) {
+              domainIds.push(domains[domainIndexes[i]].id)
+            }
+            domainId = domainIds.join(',')
+          }
+          if (domainId) {
+            params.domainid = domainId
+          }
+        }
+
+        this.loading = true
+        const title = this.$t('message.success.clone.backup.offering')
+
+        postAPI('cloneBackupOffering', params).then(json => {
+          const jobId = json.clonebackupofferingresponse?.jobid
+          if (jobId) {
+            this.$pollJob({
+              jobId,
+              title,
+              description: values.name,
+              successMethod: result => {
+                this.$message.success(`${title}: ${values.name}`)
+                this.$emit('refresh-data')
+                this.closeAction()
+              },
+              loadingMessage: `${title} ${this.$t('label.in.progress')} ${this.$t('label.for')} ${params.name}`,
+              catchMessage: this.$t('error.fetching.async.job.result'),
+              catchMethod: () => {
+                this.closeAction()
+              }
+            })
+          } else {
+            this.$message.success(`${title}: ${values.name}`)
+            this.$emit('refresh-data')
+            this.closeAction()
+          }
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      }).catch(error => {
+        this.formRef.value.scrollToField(error.errorFields[0].name)
+      })
+    },
+    onChangeZone (value) {
+      if (!value) {
+        this.externals.opts = []
+        this.form.externalid = null
+        return
+      }
+      const zone = this.zones.opts.find(z => z.name === value)
+      if (zone) {
+        this.fetchExternal(zone.id)
+      }
+    },
+    onChangeIsPublic (value) {
+      // when made public, clear any domain selection
+      try {
+        if (value === true) {
+          this.form.domainid = []
+        }
+      } catch (e) {
+        // ignore
+      }
+    },
+    onChangeDomain (value) {
+      // value is an array of selected indexes (as used in the form), when empty -> make offering public
+      try {
+        if (!value || (Array.isArray(value) && value.length === 0)) {
+          this.form.ispublic = true
+          // clear domain selection to avoid confusing hidden inputs
+          this.form.domainid = []
+        } else {
+          this.form.ispublic = false
+        }
+      } catch (e) {
+        // defensive - do nothing on error
+      }
+    },
+    closeAction () {
+      this.$emit('close-action')
+    },
+    isAdmin () {
+      return isAdmin()
+    }
+  }
+}
+</script>
+
+<style scoped lang="less">
+.form-layout {
+  width: 30vw;
+
+  @media (min-width: 500px) {
+    width: 450px;
+  }
+}
+</style>
diff --git a/ui/src/views/offering/CloneComputeOffering.vue b/ui/src/views/offering/CloneComputeOffering.vue
new file mode 100644
index 000000000000..07ce8852add5
--- /dev/null
+++ b/ui/src/views/offering/CloneComputeOffering.vue
@@ -0,0 +1,674 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-alert
+         v-if="resource"
+         type="info"
+         style="margin-bottom: 16px">
+        <template #message>
+          <div style="display: block; width: 100%;">
+            <div style="display: block; margin-bottom: 8px;">
+              <strong>{{ $t('message.clone.offering.from') }}: {{ resource.name }}</strong>
+            </div>
+            <div style="display: block; font-size: 12px;">
+              {{ $t('message.clone.offering.edit.hint') }}
+            </div>
+          </div>
+        </template>
+      </a-alert>
+      <ComputeOfferingForm
+        :initialValues="form"
+        :rules="rules"
+        :apiParams="apiParams"
+        :isSystem="isSystem"
+        :isAdmin="isAdmin"
+        :ref="formRef"
+        @submit="handleSubmit">
+
+        <!-- form content is provided by ComputeOfferingForm component -->
+        <template #form-actions>
+          <br/>
+          <div :span="24" class="action-button">
+            <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+            <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+          </div>
+        </template>
+      </ComputeOfferingForm>
+     </a-spin>
+   </div>
+ </template>
+
+<script>
+import ComputeOfferingForm from '@/components/offering/ComputeOfferingForm'
+import { ref, reactive } from 'vue'
+import { getAPI, postAPI } from '@/api'
+import AddDiskOffering from '@/views/offering/AddDiskOffering'
+import { isAdmin } from '@/role'
+import { mixinForm } from '@/utils/mixin'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import DetailsInput from '@/components/widgets/DetailsInput'
+import store from '@/store'
+
+export default {
+  name: 'CloneComputeOffering',
+  mixins: [mixinForm],
+  components: {
+    ComputeOfferingForm,
+    AddDiskOffering,
+    ResourceIcon,
+    TooltipLabel,
+    DetailsInput
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      isSystem: false,
+      naturalNumberRule: {
+        type: 'number',
+        validator: this.validateNumber
+      },
+      wholeNumberRule: {
+        type: 'number',
+        validator: async (rule, value) => {
+          if (value && (isNaN(value) || value < 0)) {
+            return Promise.reject(this.$t('message.error.number'))
+          }
+          return Promise.resolve()
+        }
+      },
+      storageType: 'shared',
+      provisioningType: 'thin',
+      cacheMode: 'none',
+      offeringType: 'fixed',
+      isCustomizedDiskIops: false,
+      isPublic: true,
+      domains: [],
+      domainLoading: false,
+      zones: [],
+      zoneLoading: false,
+      selectedDeploymentPlanner: null,
+      storagePolicies: null,
+      storageTags: [],
+      storageTagLoading: false,
+      deploymentPlanners: [],
+      deploymentPlannerLoading: false,
+      plannerModeVisible: false,
+      plannerMode: '',
+      selectedGpuCard: '',
+      showDiskOfferingModal: false,
+      gpuCardLoading: false,
+      gpuCards: [],
+      loading: false,
+      dynamicscalingenabled: true,
+      diskofferingstrictness: false,
+      encryptdisk: false,
+      computeonly: true,
+      diskOfferingLoading: false,
+      diskOfferings: [],
+      selectedDiskOfferingId: '',
+      qosType: '',
+      isDomainAdminAllowedToInformTags: false,
+      isLeaseFeatureEnabled: this.$store.getters.features.instanceleaseenabled,
+      showLeaseOptions: false,
+      expiryActions: ['STOP', 'DESTROY'],
+      defaultLeaseDuration: 90,
+      defaultLeaseExpiryAction: 'STOP',
+      leaseduration: undefined,
+      leaseexpiryaction: undefined,
+      vgpuProfiles: [],
+      vgpuProfileLoading: false,
+      externalDetailsEnabled: false
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('cloneServiceOffering')
+  },
+  created () {
+    this.zones = [
+      {
+        id: null,
+        name: this.$t('label.all.zone')
+      }
+    ]
+    if (this.$route.meta.name === 'systemoffering') {
+      this.isSystem = true
+    }
+    this.initForm()
+    this.fetchData()
+    this.isPublic = isAdmin()
+    this.form.ispublic = this.isPublic
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({
+        systemvmtype: 'domainrouter',
+        offeringtype: this.offeringType,
+        ispublic: this.isPublic,
+        dynamicscalingenabled: true,
+        plannermode: this.plannerMode,
+        gpucardid: this.selectedGpuCard,
+        vgpuprofile: '',
+        gpucount: '1',
+        gpudisplay: false,
+        computeonly: this.computeonly,
+        storagetype: this.storageType,
+        provisioningtype: this.provisioningType,
+        cachemode: this.cacheMode,
+        qostype: this.qosType,
+        iscustomizeddiskiops: this.isCustomizedDiskIops,
+        diskofferingid: this.selectedDiskOfferingId,
+        diskofferingstrictness: this.diskofferingstrictness,
+        encryptdisk: this.encryptdisk,
+        leaseduration: this.leaseduration,
+        leaseexpiryaction: this.leaseexpiryaction
+      })
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.required.input') }],
+        cpunumber: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        cpuspeed: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.wholeNumberRule
+        ],
+        mincpunumber: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        maxcpunumber: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        memory: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        minmemory: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        maxmemory: [
+          { required: true, message: this.$t('message.error.required.input') },
+          this.naturalNumberRule
+        ],
+        networkrate: [this.naturalNumberRule],
+        rootdisksize: [this.naturalNumberRule],
+        diskbytesreadrate: [this.naturalNumberRule],
+        diskbyteswriterate: [this.naturalNumberRule],
+        diskiopsreadrate: [this.naturalNumberRule],
+        diskiopswriterate: [this.naturalNumberRule],
+        diskiopsmin: [this.naturalNumberRule],
+        diskiopsmax: [this.naturalNumberRule],
+        hypervisorsnapshotreserve: [this.naturalNumberRule],
+        domainid: [{ type: 'array', required: true, message: this.$t('message.error.select') }],
+        diskofferingid: [{ required: true, message: this.$t('message.error.select') }],
+        gpucount: [{
+          type: 'number',
+          validator: async (rule, value) => {
+            if (value && (isNaN(value) || value < 1)) {
+              return Promise.reject(this.$t('message.error.number.minimum.one'))
+            }
+            return Promise.resolve()
+          }
+        }],
+        zoneid: [{
+          type: 'array',
+          validator: async (rule, value) => {
+            if (value && value.length > 1 && value.indexOf(0) !== -1) {
+              return Promise.reject(this.$t('message.error.zone.combined'))
+            }
+            return Promise.resolve()
+          }
+        }],
+        leaseduration: [this.naturalNumberRule]
+      })
+    },
+    fetchData () {
+      this.fetchDomainData()
+      this.fetchZoneData()
+      this.fetchGPUCards()
+      if (isAdmin()) {
+        this.fetchStorageTagData()
+        this.fetchDeploymentPlannerData()
+      } else if (this.isDomainAdmin()) {
+        this.checkIfDomainAdminIsAllowedToInformTag()
+        if (this.isDomainAdminAllowedToInformTags) {
+          this.fetchStorageTagData()
+        }
+      }
+      this.fetchDiskOfferings()
+      this.populateFormFromResource()
+    },
+    populateFormFromResource () {
+      if (!this.resource) return
+
+      // Pre-fill form with source offering values
+      const r = this.resource
+      this.form.name = r.name + ' - Clone'
+      this.form.displaytext = r.displaytext
+
+      if (r.iscustomized) {
+        if (r.cpunumber || r.cpuspeed || r.memory) {
+          this.offeringType = 'customconstrained'
+          this.form.offeringtype = 'customconstrained'
+        } else {
+          this.offeringType = 'customunconstrained'
+          this.form.offeringtype = 'customunconstrained'
+        }
+      } else {
+        this.offeringType = 'fixed'
+        this.form.offeringtype = 'fixed'
+      }
+
+      if (r.cpunumber) this.form.cpunumber = r.cpunumber
+      if (r.cpuspeed) this.form.cpuspeed = r.cpuspeed
+      if (r.memory) this.form.memory = r.memory
+
+      if (r.mincpunumber) this.form.mincpunumber = r.mincpunumber
+      if (r.maxcpunumber) this.form.maxcpunumber = r.maxcpunumber
+      if (r.minmemory) this.form.minmemory = r.minmemory
+      if (r.maxmemory) this.form.maxmemory = r.maxmemory
+
+      if (r.hosttags) this.form.hosttags = r.hosttags
+      if (r.networkrate) this.form.networkrate = r.networkrate
+      if (r.offerha !== undefined) this.form.offerha = r.offerha
+      if (r.dynamicscalingenabled !== undefined) {
+        this.form.dynamicscalingenabled = r.dynamicscalingenabled
+        this.dynamicscalingenabled = r.dynamicscalingenabled
+      }
+      if (r.limitcpuuse !== undefined) this.form.limitcpuuse = r.limitcpuuse
+      if (r.isvolatile !== undefined) this.form.isvolatile = r.isvolatile
+
+      if (r.storagetype) {
+        this.storageType = r.storagetype
+        this.form.storagetype = r.storagetype
+      }
+      if (r.provisioningtype) {
+        this.provisioningType = r.provisioningtype
+        this.form.provisioningtype = r.provisioningtype
+      }
+      if (r.cachemode) {
+        this.cacheMode = r.cachemode
+        this.form.cachemode = r.cachemode
+      }
+
+      if (r.diskofferingstrictness !== undefined) {
+        this.form.diskofferingstrictness = r.diskofferingstrictness
+        this.diskofferingstrictness = r.diskofferingstrictness
+      }
+      if (r.encryptroot !== undefined) {
+        this.form.encryptdisk = r.encryptroot
+        this.encryptdisk = r.encryptroot
+      }
+
+      if (r.diskBytesReadRate || r.diskBytesWriteRate || r.diskIopsReadRate || r.diskIopsWriteRate) {
+        this.qosType = 'hypervisor'
+        this.form.qostype = 'hypervisor'
+        if (r.diskBytesReadRate) this.form.diskbytesreadrate = r.diskBytesReadRate
+        if (r.diskBytesWriteRate) this.form.diskbyteswriterate = r.diskBytesWriteRate
+        if (r.diskIopsReadRate) this.form.diskiopsreadrate = r.diskIopsReadRate
+        if (r.diskIopsWriteRate) this.form.diskiopswriterate = r.diskIopsWriteRate
+      } else if (r.miniops || r.maxiops) {
+        this.qosType = 'storage'
+        this.form.qostype = 'storage'
+        if (r.miniops) this.form.diskiopsmin = r.miniops
+        if (r.maxiops) this.form.diskiopsmax = r.maxiops
+        if (r.hypervisorsnapshotreserve) this.form.hypervisorsnapshotreserve = r.hypervisorsnapshotreserve
+      }
+      if (r.iscustomizediops !== undefined) {
+        this.form.iscustomizeddiskiops = r.iscustomizediops
+        this.isCustomizedDiskIops = r.iscustomizediops
+      }
+
+      if (r.rootdisksize) this.form.rootdisksize = r.rootdisksize
+
+      if (r.tags) {
+        this.form.storagetags = r.tags.split(',')
+      }
+
+      if (r.gpucardid) {
+        this.form.gpucardid = r.gpucardid
+        this.selectedGpuCard = r.gpucardid
+        if (r.gpucardid) {
+          this.fetchVgpuProfiles(r.gpucardid)
+        }
+      }
+      if (r.vgpuprofileid) this.form.vgpuprofile = r.vgpuprofileid
+      if (r.gpucount) this.form.gpucount = r.gpucount
+      if (r.gpudisplay !== undefined) this.form.gpudisplay = r.gpudisplay
+
+      if (r.leaseduration) {
+        this.form.leaseduration = r.leaseduration
+        this.showLeaseOptions = true
+      }
+      if (r.leaseexpiryaction) this.form.leaseexpiryaction = r.leaseexpiryaction
+
+      if (r.purgeresources !== undefined) this.form.purgeresources = r.purgeresources
+
+      if (r.vspherestoragepolicy) this.form.storagepolicy = r.vspherestoragepolicy
+
+      if (r.systemvmtype) this.form.systemvmtype = r.systemvmtype
+
+      if (r.deploymentplanner) {
+        this.form.deploymentplanner = r.deploymentplanner
+        this.handleDeploymentPlannerChange(r.deploymentplanner)
+      }
+
+      if (r.serviceofferingdetails && Object.keys(r.serviceofferingdetails).length > 0) {
+        this.externalDetailsEnabled = true
+        this.form.externaldetails = r.serviceofferingdetails
+      }
+    },
+    fetchGPUCards () {
+      this.gpuCardLoading = true
+      getAPI('listGpuCards', {
+      }).then(json => {
+        this.gpuCards = json.listgpucardsresponse.gpucard || []
+        this.gpuCards.unshift({
+          id: '',
+          name: this.$t('label.none')
+        })
+      }).finally(() => {
+        this.gpuCardLoading = false
+      })
+    },
+    fetchDiskOfferings () {
+      this.diskOfferingLoading = true
+      getAPI('listDiskOfferings', {
+        listall: true
+      }).then(json => {
+        this.diskOfferings = json.listdiskofferingsresponse.diskoffering || []
+        if (this.selectedDiskOfferingId === '') {
+          this.selectedDiskOfferingId = this.diskOfferings?.[0]?.id || ''
+        }
+      }).finally(() => {
+        this.diskOfferingLoading = false
+      })
+    },
+    isAdmin () {
+      return isAdmin()
+    },
+    isDomainAdmin () {
+      return ['DomainAdmin'].includes(this.$store.getters.userInfo.roletype)
+    },
+    checkIfDomainAdminIsAllowedToInformTag () {
+      const params = { id: store.getters.userInfo.accountid }
+      getAPI('isAccountAllowedToCreateOfferingsWithTags', params).then(json => {
+        this.isDomainAdminAllowedToInformTags = json.isaccountallowedtocreateofferingswithtagsresponse.isallowed.isallowed
+      })
+    },
+    fetchDomainData () {
+      const params = {}
+      params.listAll = true
+      params.showicon = true
+      params.details = 'min'
+      this.domainLoading = true
+      getAPI('listDomains', params).then(json => {
+        const listDomains = json.listdomainsresponse.domain
+        this.domains = this.domains.concat(listDomains)
+      }).finally(() => {
+        this.domainLoading = false
+      })
+    },
+    fetchZoneData () {
+      const params = {}
+      params.showicon = true
+      this.zoneLoading = true
+      getAPI('listZones', params).then(json => {
+        const listZones = json.listzonesresponse.zone
+        if (listZones) {
+          this.zones = this.zones.concat(listZones)
+        }
+      }).finally(() => {
+        this.zoneLoading = false
+      })
+    },
+    fetchStorageTagData () {
+      this.storageTagLoading = true
+      this.storageTags = []
+      getAPI('listStorageTags').then(json => {
+        const tags = json.liststoragetagsresponse.storagetag || []
+        for (const tag of tags) {
+          if (!this.storageTags.includes(tag.name)) {
+            this.storageTags.push(tag.name)
+          }
+        }
+      }).finally(() => {
+        this.storageTagLoading = false
+      })
+    },
+    fetchDeploymentPlannerData () {
+      this.deploymentPlannerLoading = true
+      getAPI('listDeploymentPlanners').then(json => {
+        const planners = json.listdeploymentplannersresponse.deploymentPlanner
+        this.deploymentPlanners = this.deploymentPlanners.concat(planners)
+        this.deploymentPlanners.unshift({ name: '' })
+        this.form.deploymentplanner = this.deploymentPlanners.length > 0 ? this.deploymentPlanners[0].name : ''
+      }).finally(() => {
+        this.deploymentPlannerLoading = false
+      })
+    },
+    handleSubmit (e) {
+      if (e && e.preventDefault) {
+        e.preventDefault()
+      }
+      if (this.loading) return
+
+      this.formRef.value.validate().then((values) => {
+        var params = {
+          issystem: this.isSystem,
+          name: values.name,
+          displaytext: values.displaytext,
+          storagetype: values.storagetype,
+          provisioningtype: values.provisioningtype,
+          cachemode: values.cachemode,
+          customized: values.offeringtype !== 'fixed',
+          offerha: values.offerha === true,
+          limitcpuuse: values.limitcpuuse === true,
+          dynamicscalingenabled: values.dynamicscalingenabled,
+          diskofferingstrictness: values.diskofferingstrictness,
+          encryptroot: values.encryptdisk,
+          purgeresources: values.purgeresources,
+          leaseduration: values.leaseduration,
+          leaseexpiryaction: values.leaseexpiryaction
+        }
+
+        if (values.diskofferingid) {
+          params.diskofferingid = values.diskofferingid
+        }
+
+        if (values.vgpuprofile) {
+          params.vgpuprofileid = values.vgpuprofile
+        }
+        if (values.gpucount && values.gpucount > 0) {
+          params.gpucount = values.gpucount
+        }
+        if (values.gpudisplay !== undefined) {
+          params.gpudisplay = values.gpudisplay
+        }
+
+        if (values.offeringtype === 'fixed') {
+          params.cpunumber = values.cpunumber
+          params.cpuspeed = values.cpuspeed
+          params.memory = values.memory
+        } else {
+          if (values.cpuspeed != null &&
+               values.mincpunumber != null &&
+               values.maxcpunumber != null &&
+               values.minmemory != null &&
+               values.maxmemory != null) {
+            params.cpuspeed = values.cpuspeed
+            params.mincpunumber = values.mincpunumber
+            params.maxcpunumber = values.maxcpunumber
+            params.minmemory = values.minmemory
+            params.maxmemory = values.maxmemory
+          }
+        }
+
+        if (values.networkrate != null && values.networkrate.length > 0) {
+          params.networkrate = values.networkrate
+        }
+        if (values.rootdisksize != null && values.rootdisksize.length > 0) {
+          params.rootdisksize = values.rootdisksize
+        }
+        if (values.qostype === 'storage') {
+          var customIops = values.iscustomizeddiskiops === true
+          params.customizediops = customIops
+          if (!customIops) {
+            if (values.diskiopsmin != null && values.diskiopsmin.length > 0) {
+              params.miniops = values.diskiopsmin
+            }
+            if (values.diskiopsmax != null && values.diskiopsmax.length > 0) {
+              params.maxiops = values.diskiopsmax
+            }
+            if (values.hypervisorsnapshotreserve !== undefined &&
+               values.hypervisorsnapshotreserve != null && values.hypervisorsnapshotreserve.length > 0) {
+              params.hypervisorsnapshotreserve = values.hypervisorsnapshotreserve
+            }
+          }
+        } else if (values.qostype === 'hypervisor') {
+          if (values.diskbytesreadrate != null && values.diskbytesreadrate.length > 0) {
+            params.bytesreadrate = values.diskbytesreadrate
+          }
+          if (values.diskbyteswriterate != null && values.diskbyteswriterate.length > 0) {
+            params.byteswriterate = values.diskbyteswriterate
+          }
+          if (values.diskiopsreadrate != null && values.diskiopsreadrate.length > 0) {
+            params.iopsreadrate = values.diskiopsreadrate
+          }
+          if (values.diskiopswriterate != null && values.diskiopswriterate.length > 0) {
+            params.iopswriterate = values.diskiopswriterate
+          }
+        }
+        if (values.storagetags != null && values.storagetags.length > 0) {
+          var tags = values.storagetags.join(',')
+          params.tags = tags
+        }
+        if (values.hosttags != null && values.hosttags.length > 0) {
+          params.hosttags = values.hosttags
+        }
+        if ('deploymentplanner' in values &&
+           values.deploymentplanner !== undefined &&
+           values.deploymentplanner != null && values.deploymentplanner.length > 0) {
+          params.deploymentplanner = values.deploymentplanner
+        }
+        if ('deploymentplanner' in values &&
+           values.deploymentplanner !== undefined &&
+           values.deploymentplanner === 'ImplicitDedicationPlanner' &&
+           values.plannermode !== undefined &&
+           values.plannermode !== '') {
+          params['serviceofferingdetails[0].key'] = 'ImplicitDedicationMode'
+          params['serviceofferingdetails[0].value'] = values.plannermode
+        }
+        if ('isvolatile' in values && values.isvolatile !== undefined) {
+          params.isvolatile = values.isvolatile === true
+        }
+        if ('systemvmtype' in values && values.systemvmtype !== undefined) {
+          params.systemvmtype = values.systemvmtype
+        }
+
+        if ('leaseduration' in values && values.leaseduration !== undefined) {
+          params.leaseduration = values.leaseduration
+        }
+
+        if ('leaseexpiryaction' in values && values.leaseexpiryaction !== undefined) {
+          params.leaseexpiryaction = values.leaseexpiryaction
+        }
+
+        if (values.ispublic !== true) {
+          var domainIndexes = values.domainid
+          var domainId = null
+          if (domainIndexes && domainIndexes.length > 0) {
+            var domainIds = []
+            for (var i = 0; i < domainIndexes.length; i++) {
+              domainIds = domainIds.concat(this.domains[domainIndexes[i]].id)
+            }
+            domainId = domainIds.join(',')
+          }
+          if (domainId) {
+            params.domainid = domainId
+          }
+        }
+        var zoneIndexes = values.zoneid
+        var zoneId = null
+        if (zoneIndexes && zoneIndexes.length > 0) {
+          var zoneIds = []
+          for (var j = 0; j < zoneIndexes.length; j++) {
+            zoneIds = zoneIds.concat(this.zones[zoneIndexes[j]].id)
+          }
+          zoneId = zoneIds.join(',')
+        }
+        if (zoneId) {
+          params.zoneid = zoneId
+        }
+        if (values.storagepolicy) {
+          params.storagepolicy = values.storagepolicy
+        }
+        if (values.externaldetails) {
+          Object.entries(values.externaldetails).forEach(([key, value]) => {
+            params['externaldetails[0].' + key] = value
+          })
+        }
+
+        params.sourceofferingid = this.resource.id
+        this.loading = true
+        postAPI('cloneServiceOffering', params).then(json => {
+          const message = this.isSystem
+            ? `${this.$t('message.clone.service.offering')}: `
+            : `${this.$t('message.clone.compute.offering')}: `
+          this.$message.success(message + values.name)
+          this.$emit('refresh-data')
+          this.closeAction()
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    },
+    async validateNumber (rule, value) {
+      if (value && (isNaN(value) || value <= 0)) {
+        return Promise.reject(this.$t('message.error.number'))
+      }
+      return Promise.resolve()
+    }
+  }
+}
+</script>
+
+ <style scoped lang="scss">
+  .form-layout {
+    width: 80vw;
+    @media (min-width: 800px) {
+      width: 700px;
+    }
+  }
+</style>
diff --git a/ui/src/views/offering/CloneDiskOffering.vue b/ui/src/views/offering/CloneDiskOffering.vue
new file mode 100644
index 000000000000..3e5ddd6ce84f
--- /dev/null
+++ b/ui/src/views/offering/CloneDiskOffering.vue
@@ -0,0 +1,279 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-alert
+        v-if="resource"
+        type="info"
+        style="margin-bottom: 16px">
+        <template #message>
+          <div style="display: block; width: 100%;">
+            <div style="display: block; margin-bottom: 8px;">
+              <strong>{{ $t('message.clone.offering.from') }}: {{ resource.name }}</strong>
+            </div>
+            <div style="display: block; font-size: 12px;">
+              {{ $t('message.clone.offering.edit.hint') }}
+            </div>
+          </div>
+        </template>
+      </a-alert>
+      <DiskOfferingForm
+        ref="formRef"
+        :initialValues="form"
+        :apiParams="apiParams"
+        :isAdmin="isAdmin"
+        @submit="handleSubmit">
+        <template #form-actions>
+          <div :span="24" class="action-button">
+            <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+            <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+          </div>
+        </template>
+      </DiskOfferingForm>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import DiskOfferingForm from '@/components/offering/DiskOfferingForm'
+import { reactive } from 'vue'
+import { postAPI } from '@/api'
+import { isAdmin } from '@/role'
+
+export default {
+  name: 'CloneDiskOffering',
+  components: {
+    DiskOfferingForm
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      formRef: null,
+      form: reactive({}),
+      loading: false
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('cloneDiskOffering')
+  },
+  created () {
+    this.populateFormFromResource()
+  },
+  methods: {
+    populateFormFromResource () {
+      if (!this.resource) return
+
+      const r = this.resource
+      this.form.name = r.name + ' - Clone'
+      this.form.displaytext = r.displaytext
+
+      if (r.storagetype) {
+        this.form.storagetype = r.storagetype
+      }
+      if (r.provisioningtype) {
+        this.form.provisioningtype = r.provisioningtype
+      }
+      if (r.customized !== undefined) {
+        this.form.customdisksize = r.customized
+      }
+      if (r.disksize) this.form.disksize = r.disksize
+
+      if (r.cachemode) {
+        this.form.writecachetype = r.cachemode
+      }
+
+      if (r.disksizestrictness !== undefined) {
+        this.form.disksizestrictness = r.disksizestrictness
+      }
+      if (r.encrypt !== undefined) {
+        this.form.encryptdisk = r.encrypt
+      }
+
+      if (r.diskBytesReadRate || r.diskBytesReadRateMax || r.diskBytesWriteRate || r.diskBytesWriteRateMax || r.diskIopsReadRate || r.diskIopsWriteRate) {
+        this.form.qostype = 'hypervisor'
+        if (r.diskBytesReadRate) this.form.diskbytesreadrate = r.diskBytesReadRate
+        if (r.diskBytesReadRateMax) this.form.diskbytesreadratemax = r.diskBytesReadRateMax
+        if (r.diskBytesWriteRate) this.form.diskbyteswriterate = r.diskBytesWriteRate
+        if (r.diskBytesWriteRateMax) this.form.diskbyteswriteratemax = r.diskBytesWriteRateMax
+        if (r.diskIopsReadRate) this.form.diskiopsreadrate = r.diskIopsReadRate
+        if (r.diskIopsWriteRate) this.form.diskiopswriterate = r.diskIopsWriteRate
+      } else if (r.miniops || r.maxiops) {
+        this.form.qostype = 'storage'
+        if (r.miniops) this.form.diskiopsmin = r.miniops
+        if (r.maxiops) this.form.diskiopsmax = r.maxiops
+        if (r.hypervisorsnapshotreserve) this.form.hypervisorsnapshotreserve = r.hypervisorsnapshotreserve
+      }
+      if (r.iscustomizediops !== undefined) {
+        this.form.iscustomizeddiskiops = r.iscustomizediops
+      }
+
+      if (r.tags) {
+        this.form.tags = r.tags.split(',')
+      }
+
+      if (r.vspherestoragepolicy) this.form.storagepolicy = r.vspherestoragepolicy
+    },
+    isAdmin () {
+      return isAdmin()
+    },
+    handleSubmit (e) {
+      if (e && e.preventDefault) {
+        e.preventDefault()
+      }
+      if (this.loading) return
+
+      this.$refs.formRef.validate().then((values) => {
+        const params = {
+          sourceofferingid: this.resource.id,
+          name: values.name
+        }
+
+        if (values.displaytext) {
+          params.displaytext = values.displaytext
+        }
+        if (values.storagetype) {
+          params.storagetype = values.storagetype
+        }
+        if (values.writecachetype) {
+          params.cachemode = values.writecachetype
+        }
+        if (values.provisioningtype) {
+          params.provisioningtype = values.provisioningtype
+        }
+        if (values.customdisksize !== undefined) {
+          params.customized = values.customdisksize
+        }
+        if (values.disksizestrictness !== undefined) {
+          params.disksizestrictness = values.disksizestrictness
+        }
+        if (values.encryptdisk !== undefined) {
+          params.encrypt = values.encryptdisk
+        }
+
+        if (values.customdisksize !== true && values.disksize) {
+          params.disksize = values.disksize
+        }
+
+        if (values.qostype === 'storage') {
+          const customIops = values.iscustomizeddiskiops === true
+          params.customizediops = customIops
+          if (!customIops) {
+            if (values.diskiopsmin != null && values.diskiopsmin.length > 0) {
+              params.miniops = values.diskiopsmin
+            }
+            if (values.diskiopsmax != null && values.diskiopsmax.length > 0) {
+              params.maxiops = values.diskiopsmax
+            }
+            if (values.hypervisorsnapshotreserve != null && values.hypervisorsnapshotreserve.length > 0) {
+              params.hypervisorsnapshotreserve = values.hypervisorsnapshotreserve
+            }
+          }
+        } else if (values.qostype === 'hypervisor') {
+          if (values.diskbytesreadrate != null && values.diskbytesreadrate.length > 0) {
+            params.bytesreadrate = values.diskbytesreadrate
+          }
+          if (values.diskbytesreadratemax != null && values.diskbytesreadratemax.length > 0) {
+            params.bytesreadratemax = values.diskbytesreadratemax
+          }
+          if (values.diskbyteswriterate != null && values.diskbyteswriterate.length > 0) {
+            params.byteswriterate = values.diskbyteswriterate
+          }
+          if (values.diskbyteswriteratemax != null && values.diskbyteswriteratemax.length > 0) {
+            params.byteswriteratemax = values.diskbyteswriteratemax
+          }
+          if (values.diskiopsreadrate != null && values.diskiopsreadrate.length > 0) {
+            params.iopsreadrate = values.diskiopsreadrate
+          }
+          if (values.diskiopswriterate != null && values.diskiopswriterate.length > 0) {
+            params.iopswriterate = values.diskiopswriterate
+          }
+        }
+
+        if (values.tags != null && values.tags.length > 0) {
+          const tags = values.tags.join(',')
+          params.tags = tags
+        }
+
+        if (values.ispublic !== true) {
+          const domainIndexes = values.domainid
+          let domainId = null
+          if (domainIndexes && domainIndexes.length > 0) {
+            const domainIds = []
+            const domains = this.$refs.formRef.domains
+            for (let i = 0; i < domainIndexes.length; i++) {
+              domainIds.push(domains[domainIndexes[i]].id)
+            }
+            domainId = domainIds.join(',')
+          }
+          if (domainId) {
+            params.domainid = domainId
+          }
+        }
+
+        const zoneIndexes = values.zoneid
+        let zoneId = null
+        if (zoneIndexes && zoneIndexes.length > 0) {
+          const zoneIds = []
+          const zones = this.$refs.formRef.zones
+          for (let j = 0; j < zoneIndexes.length; j++) {
+            zoneIds.push(zones[zoneIndexes[j]].id)
+          }
+          zoneId = zoneIds.join(',')
+        }
+        if (zoneId) {
+          params.zoneid = zoneId
+        }
+
+        if (values.storagepolicy) {
+          params.storagepolicy = values.storagepolicy
+        }
+
+        this.loading = true
+        postAPI('cloneDiskOffering', params).then(json => {
+          this.$message.success(`${this.$t('message.success.clone.disk.offering')} ${values.name}`)
+          this.$emit('refresh-data')
+          this.closeAction()
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    }
+  }
+}
+</script>
+
+<style scoped lang="less">
+  .form-layout {
+    width: 80vw;
+
+    @media (min-width: 700px) {
+      width: 550px;
+    }
+  }
+</style>
diff --git a/ui/src/views/offering/CloneNetworkOffering.vue b/ui/src/views/offering/CloneNetworkOffering.vue
new file mode 100644
index 000000000000..0cd5e733b24f
--- /dev/null
+++ b/ui/src/views/offering/CloneNetworkOffering.vue
@@ -0,0 +1,1430 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-alert
+        v-if="resource"
+        type="info"
+        style="margin-bottom: 16px">
+        <template #message>
+          <div style="display: block; width: 100%;">
+            <div style="display: block; margin-bottom: 8px;">
+              <strong>{{ $t('message.clone.offering.from') }}: {{ resource.name }}</strong>
+            </div>
+            <div style="display: block; font-size: 12px;">
+              {{ $t('message.clone.offering.edit.hint') }}
+            </div>
+          </div>
+        </template>
+      </a-alert>
+      <a-form
+        :ref="formRef"
+        :model="form"
+        :rules="rules"
+        @finish="handleSubmit"
+        layout="vertical"
+      >
+        <a-form-item name="name" ref="name">
+          <template #label>
+            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+          </template>
+          <a-input
+            v-focus="true"
+            v-model:value="form.name"
+            :placeholder="apiParams.name.description"/>
+        </a-form-item>
+        <a-form-item name="displaytext" ref="displaytext">
+          <template #label>
+            <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
+          </template>
+          <a-input
+            v-model:value="form.displaytext"
+            :placeholder="apiParams.displaytext.description"/>
+        </a-form-item>
+        <a-form-item name="guestiptype" ref="guestiptype">
+          <template #label>
+            <tooltip-label :title="$t('label.guestiptype')" :tooltip="apiParams.guestiptype.description"/>
+          </template>
+          <a-radio-group
+            v-model:value="form.guestiptype"
+            buttonStyle="solid"
+            @change="selected => { handleGuestTypeChange(selected.target.value) }">
+            <a-radio-button value="isolated">
+              {{ $t('label.isolated') }}
+            </a-radio-button>
+            <a-radio-button value="l2">
+              {{ $t('label.l2') }}
+            </a-radio-button>
+            <a-radio-button value="shared">
+              {{ $t('label.shared') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="internetprotocol" ref="internetprotocol" v-if="guestType === 'isolated'">
+          <template #label>
+            <tooltip-label :title="$t('label.internetprotocol')" :tooltip="apiParams.internetprotocol.description"/>
+          </template>
+          <span v-if="!ipv6NetworkOfferingEnabled || internetProtocolValue!=='ipv4'">
+            <a-alert type="warning">
+              <template #message>
+                <span v-html="ipv6NetworkOfferingEnabled ? $t('message.offering.internet.protocol.warning') : $t('message.offering.ipv6.warning')" />
+              </template>
+            </a-alert>
+            <br/>
+          </span>
+          <a-radio-group
+            v-model:value="form.internetprotocol"
+            :disabled="!ipv6NetworkOfferingEnabled"
+            buttonStyle="solid"
+            @change="e => { internetProtocolValue = e.target.value }">
+            <a-radio-button value="ipv4">
+              {{ $t('label.ip.v4') }}
+            </a-radio-button>
+            <a-radio-button value="dualstack">
+              {{ $t('label.ip.v4.v6') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-row :gutter="12">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="forvpc" ref="forvpc" v-if="guestType === 'isolated'">
+              <template #label>
+                <tooltip-label :title="$t('label.vpc')" :tooltip="apiParams.forvpc.description"/>
+              </template>
+              <a-switch v-model:checked="form.forvpc" @change="handleForVpcChange" />
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="provider" ref="provider">
+              <template #label>
+                <tooltip-label :title="$t('label.provider')" :tooltip="apiParams.provider.description"/>
+              </template>
+              <a-select
+                v-model:value="form.provider"
+                disabled
+                showSearch
+                optionFilterProp="label"
+                :filterOption="(input, option) => {
+                  return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+                }"
+                :placeholder="apiParams.provider.description">
+                <a-select-option key="" value="">{{ $t('label.none') }}</a-select-option>
+                <a-select-option :value="'NSX'" :label="$t('label.nsx')">{{ $t('label.nsx') }}</a-select-option>
+                <a-select-option :value="'Netris'" :label="$t('label.netris')">{{ $t('label.netris') }}</a-select-option>
+              </a-select>
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <!-- NSX specific toggles (mirror AddNetworkOffering.vue) -->
+        <a-row :gutter="12" v-if="form.provider === 'NSX'">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="nsxsupportlb" ref="nsxsupportlb" v-if="guestType === 'isolated'">
+              <template #label>
+                <tooltip-label :title="$t('label.nsx.supports.lb')" :tooltip="apiParams.nsxsupportlb.description"/>
+              </template>
+              <a-switch v-model:checked="form.nsxsupportlb" @change="val => { handleNsxLbService(val) }" />
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12" v-if="form.nsxsupportlb && form.forvpc">
+            <a-form-item name="nsxsupportsinternallb" ref="nsxsupportsinternallb" v-if="guestType === 'isolated'">
+              <template #label>
+                <tooltip-label :title="$t('label.nsx.supports.internal.lb')" :tooltip="apiParams.nsxsupportsinternallb.description"/>
+              </template>
+              <a-switch v-model:checked="form.nsxsupportsinternallb"/>
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <a-form-item name="networkmode" ref="networkmode" v-if="guestType === 'isolated' && form.provider">
+          <template #label>
+            <tooltip-label :title="$t('label.networkmode')" :tooltip="apiParams.networkmode.description"/>
+          </template>
+          <a-select
+            v-model:value="form.networkmode"
+            @change="val => { handleForNetworkModeChange(val) }"
+            :disabled="provider === 'NSX' || provider === 'Netris'"
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :placeholder="apiParams.networkmode.description">
+            <a-select-option value="NATTED" :label="'NATTED'">NATTED</a-select-option>
+            <a-select-option value="ROUTED" :label="'ROUTED'">ROUTED</a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="routingmode" ref="routingmode" v-if="networkmode === 'ROUTED' || internetProtocolValue === 'ipv6' || internetProtocolValue === 'dualstack'">
+          <template #label>
+            <tooltip-label :title="$t('label.routingmode')" :tooltip="apiParams.routingmode.description"/>
+          </template>
+          <a-radio-group
+            v-model:value="form.routingmode"
+            buttonStyle="solid"
+            @change="selected => { routingMode = selected.target.value }">
+            <a-radio-button value="static">
+              {{ $t('label.static') }}
+            </a-radio-button>
+            <a-radio-button value="dynamic">
+              {{ $t('label.dynamic') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="userdatal2" ref="userdatal2" :label="$t('label.user.data')" v-if="guestType === 'l2'">
+          <a-switch v-model:checked="form.userdatal2" />
+        </a-form-item>
+        <a-form-item name="networkrate" ref="networkrate">
+          <template #label>
+            <tooltip-label :title="$t('label.networkrate')" :tooltip="apiParams.networkrate.description"/>
+          </template>
+          <a-input
+            v-model:value="form.networkrate"
+            :placeholder="apiParams.networkrate.description"/>
+        </a-form-item>
+        <a-row :gutter="12">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="specifyvlan" ref="specifyvlan">
+              <template #label>
+                <tooltip-label :title="$t('label.specifyvlan')" :tooltip="apiParams.specifyvlan.description"/>
+              </template>
+              <a-switch v-model:checked="form.specifyvlan" />
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="ispersistent" ref="ispersistent" v-if="guestType !== 'shared'">
+              <template #label>
+                <tooltip-label :title="$t('label.ispersistent')" :tooltip="apiParams.ispersistent.description"/>
+              </template>
+              <a-switch v-model:checked="form.ispersistent" />
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <a-row :gutter="12">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="promiscuousmode" ref="promiscuousmode">
+              <template #label>
+                <tooltip-label :title="$t('label.promiscuousmode')" :tooltip="$t('message.network.offering.promiscuous.mode')"/>
+              </template>
+              <a-radio-group
+                v-model:value="form.promiscuousmode"
+                buttonStyle="solid">
+                <a-radio-button value="">
+                  {{ $t('label.none') }}
+                </a-radio-button>
+                <a-radio-button value="true">
+                  {{ $t('label.accept') }}
+                </a-radio-button>
+                <a-radio-button value="false">
+                  {{ $t('label.reject') }}
+                </a-radio-button>
+              </a-radio-group>
+            </a-form-item>
+            <a-form-item name="macaddresschanges" ref="macaddresschanges">
+              <template #label>
+                <tooltip-label :title="$t('label.macaddresschanges')" :tooltip="$t('message.network.offering.mac.address.changes')"/>
+              </template>
+              <a-radio-group
+                v-model:value="form.macaddresschanges"
+                buttonStyle="solid">
+                <a-radio-button value="">
+                  {{ $t('label.none') }}
+                </a-radio-button>
+                <a-radio-button value="true">
+                  {{ $t('label.accept') }}
+                </a-radio-button>
+                <a-radio-button value="false">
+                  {{ $t('label.reject') }}
+                </a-radio-button>
+              </a-radio-group>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12">
+            <a-form-item name="forgedtransmits" ref="forgedtransmits">
+              <template #label>
+                <tooltip-label :title="$t('label.forgedtransmits')" :tooltip="$t('message.network.offering.forged.transmits')"/>
+              </template>
+              <a-radio-group
+                v-model:value="form.forgedtransmits"
+                buttonStyle="solid">
+                <a-radio-button value="">
+                  {{ $t('label.none') }}
+                </a-radio-button>
+                <a-radio-button value="true">
+                  {{ $t('label.accept') }}
+                </a-radio-button>
+                <a-radio-button value="false">
+                  {{ $t('label.reject') }}
+                </a-radio-button>
+              </a-radio-group>
+            </a-form-item>
+            <a-form-item name="maclearning" ref="maclearning">
+              <template #label>
+                <tooltip-label :title="$t('label.maclearning')" :tooltip="$t('message.network.offering.mac.learning')"/>
+              </template>
+              <span v-if="form.maclearning !== ''">
+                <a-alert type="warning">
+                  <template #message>
+                    <div v-html="$t('message.network.offering.mac.learning.warning')"></div>
+                  </template>
+                </a-alert>
+                <br/>
+              </span>
+              <a-radio-group
+                v-model:value="form.maclearning"
+                buttonStyle="solid">
+                <a-radio-button value="">
+                  {{ $t('label.none') }}
+                </a-radio-button>
+                <a-radio-button value="true">
+                  {{ $t('label.accept') }}
+                </a-radio-button>
+                <a-radio-button value="false">
+                  {{ $t('label.reject') }}
+                </a-radio-button>
+              </a-radio-group>
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <a-form-item v-if="guestType !== 'l2'">
+          <template #label>
+            <tooltip-label :title="$t('label.supportedservices')" :tooltip="apiParams.supportedservices ? apiParams.supportedservices.description : ''"/>
+          </template>
+          <div class="supported-services-container" scroll-to="last-child">
+            <a-spin v-if="!servicesReady" :spinning="true" />
+            <a-list v-else itemLayout="horizontal" :dataSource="supportedServices">
+              <template #renderItem="{item}">
+                <a-list-item>
+                  <CheckBoxSelectPair
+                    :key="`${item.name}-${item.selectedProvider || 'none'}-${item.defaultChecked}`"
+                    :resourceKey="item.name"
+                    :checkBoxLabel="item.description"
+                    :forExternalNetProvider="form.provider === 'NSX' || form.provider === 'Netris'"
+                    :defaultCheckBoxValue="item.defaultChecked"
+                    :defaultSelectValue="item.selectedProvider"
+                    :selectOptions="item.provider"
+                    @handle-checkselectpair-change="handleSupportedServiceChange"/>
+                </a-list-item>
+              </template>
+            </a-list>
+          </div>
+        </a-form-item>
+        <a-form-item name="lbtype" ref="lbtype" :label="$t('label.lbtype')" v-if="forVpc && lbServiceChecked">
+          <a-radio-group
+            v-model:value="form.lbtype"
+            buttonStyle="solid"
+            @change="e => { handleLbTypeChange(e.target.value) }" >
+            <a-radio-button value="publicLb">
+              {{ $t('label.public.lb') }}
+            </a-radio-button>
+            <a-radio-button value="internalLb">
+              {{ $t('label.internal.lb') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="serviceofferingid" ref="serviceofferingid" v-if="guestType !== 'l2' && isVirtualRouterForAtLeastOneService">
+          <template #label>
+            <tooltip-label :title="$t('label.serviceofferingid')" :tooltip="apiParams.serviceofferingid.description"/>
+          </template>
+          <a-select
+            showSearch
+            optionFilterProp="label"
+            v-model:value="form.serviceofferingid"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="apiParams.serviceofferingid.description">
+            <a-select-option
+              v-for="(offering, index) in serviceOfferings"
+              :value="offering.id"
+              :label="offering.displaytext || offering.name"
+              :key="index">
+              {{ offering.displaytext || offering.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item
+          name="redundantroutercapability"
+          ref="redundantroutercapability"
+          :label="$t('label.redundantrouter')"
+          v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked && !isVpcVirtualRouterForAtLeastOneService">
+          <a-switch v-model:checked="form.redundantroutercapability" />
+        </a-form-item>
+        <a-form-item name="sourcenattype" ref="sourcenattype" :label="$t('label.sourcenattype')" v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked">
+          <a-radio-group
+            v-model:value="form.sourcenattype"
+            buttonStyle="solid">
+            <a-radio-button value="peraccount">
+              {{ $t('label.per.account') }}
+            </a-radio-button>
+            <a-radio-button value="perzone">
+              {{ $t('label.per.zone') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item
+          name="vmautoscalingcapability"
+          ref="vmautoscalingcapability"
+          :label="$t('label.supportsvmautoscaling')"
+          v-if="lbServiceChecked && ['Netscaler', 'VirtualRouter', 'VpcVirtualRouter'].includes(lbServiceProvider)">
+          <a-switch v-model:checked="form.vmautoscalingcapability" />
+        </a-form-item>
+        <a-form-item
+          name="elasticlb"
+          ref="elasticlb"
+          :label="$t('label.service.lb.elasticlbcheckbox')"
+          v-if="guestType === 'shared' && lbServiceChecked && lbServiceProvider === 'Netscaler'">
+          <a-switch v-model:checked="form.elasticlb" />
+        </a-form-item>
+        <a-form-item
+          name="inlinemode"
+          ref="inlinemode"
+          :label="$t('label.service.lb.inlinemodedropdown')"
+          v-if="['shared', 'isolated'].includes(guestType) && lbServiceChecked && firewallServiceChecked && ['F5BigIp', 'Netscaler'].includes(lbServiceProvider) && ['JuniperSRX'].includes(firewallServiceProvider)">
+          <a-radio-group
+            v-model:value="form.inlinemode"
+            buttonStyle="solid">
+            <a-radio-button value="false">
+              {{ $t('side.by.side') }}
+            </a-radio-button>
+            <a-radio-button value="true">
+              {{ $t('inline') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item
+          name="netscalerservicepackages"
+          ref="netscalerservicepackages"
+          :label="$t('label.service.lb.netscaler.servicepackages')"
+          v-if="(guestType === 'shared' || guestType === 'isolated') && lbServiceChecked && lbServiceProvider === 'Netscaler'">
+          <a-select
+            v-model:value="form.netscalerservicepackages"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="registeredServicePackageLoading"
+            :placeholder="$t('label.service.lb.netscaler.servicepackages')">
+            <a-select-option v-for="(opt, optIndex) in registeredServicePackages" :key="optIndex" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item
+          name="netscalerservicepackagesdescription"
+          ref="netscalerservicepackagesdescription"
+          :label="$t('label.service.lb.netscaler.servicepackages.description')"
+          v-if="(guestType === 'shared' || guestType === 'isolated') && lbServiceChecked && lbServiceProvider === 'Netscaler'">
+          <a-input
+            v-model:value="form.netscalerservicepackagesdescription"
+            :placeholder="$t('label.service.lb.netscaler.servicepackages.description')"/>
+        </a-form-item>
+        <a-form-item
+          name="elasticip"
+          ref="elasticip"
+          :label="$t('label.service.staticnat.elasticipcheckbox')"
+          v-if="guestType === 'shared' && staticNatServiceChecked && staticNatServiceProvider === 'Netscaler'">
+          <a-switch v-model:checked="form.elasticip" />
+        </a-form-item>
+        <a-form-item
+          name="associatepublicip"
+          ref="associatepublicip"
+          :label="$t('label.service.staticnat.associatepublicip')"
+          v-if="isElasticIp && staticNatServiceChecked && staticNatServiceProvider === 'Netscaler'">
+          <a-switch v-model:checked="form.associatepublicip" />
+        </a-form-item>
+        <a-form-item
+          name="supportsstrechedl2subnet"
+          ref="supportsstrechedl2subnet"
+          :label="$t('label.supportsstrechedl2subnet')"
+          v-if="connectivityServiceChecked">
+          <a-switch v-model:checked="form.supportsstrechedl2subnet" />
+        </a-form-item>
+        <a-form-item
+          name="conservemode"
+          ref="conservemode"
+          v-if="guestType === 'shared' || guestType === 'isolated'">
+          <template #label>
+            <tooltip-label :title="$t('label.conservemode')" :tooltip="apiParams.conservemode.description"/>
+          </template>
+          <a-switch v-model:checked="form.conservemode" />
+        </a-form-item>
+        <a-form-item name="tags" ref="tags">
+          <template #label>
+            <tooltip-label :title="$t('label.tags')" :tooltip="apiParams.tags.description"/>
+          </template>
+          <a-input
+            v-model:value="form.tags"
+            :placeholder="apiParams.tags.description"/>
+        </a-form-item>
+        <a-form-item name="availability" ref="availability" v-if="requiredNetworkOfferingExists && guestType === 'isolated' && sourceNatServiceChecked">
+          <template #label>
+            <tooltip-label :title="$t('label.availability')" :tooltip="apiParams.availability.description"/>
+          </template>
+          <a-radio-group
+            v-model:value="form.availability"
+            buttonStyle="solid">
+            <a-radio-button value="Optional">
+              {{ $t('label.optional') }}
+            </a-radio-button>
+            <a-radio-button value="Required">
+              {{ $t('label.required') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="egressdefaultpolicy" ref="egressdefaultpolicy">
+          <template #label>
+            <tooltip-label :title="$t('label.egressdefaultpolicy')" :tooltip="apiParams.egressdefaultpolicy.description"/>
+          </template>
+          <a-radio-group
+            v-model:value="form.egressdefaultpolicy"
+            buttonStyle="solid">
+            <a-radio-button value="allow">
+              {{ $t('label.allow') }}
+            </a-radio-button>
+            <a-radio-button value="deny">
+              {{ $t('label.deny') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item name="specifyipranges" ref="specifyipranges">
+          <template #label>
+            <tooltip-label :title="$t('label.specifyipranges')" :tooltip="apiParams.specifyipranges.description"/>
+          </template>
+          <a-switch v-model:checked="form.specifyipranges"/>
+        </a-form-item>
+        <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-show="isAdmin()">
+          <a-switch v-model:checked="form.ispublic" @change="val => { isPublic = val }" />
+        </a-form-item>
+        <a-form-item name="domainid" ref="domainid" v-if="!isPublic">
+          <template #label>
+            <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
+          </template>
+          <a-select
+            mode="multiple"
+            v-model:value="form.domainid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="domainLoading"
+            :placeholder="apiParams.domainid.description">
+            <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
+              <span>
+                <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <block-outlined v-else style="margin-right: 5px" />
+                {{ opt.path || opt.name || opt.description }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="zoneid" ref="zoneid">
+          <template #label>
+            <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
+          </template>
+          <a-select
+            mode="multiple"
+            v-model:value="form.zoneid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="zoneLoading"
+            :placeholder="apiParams.zoneid.description">
+            <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
+              <span>
+                <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <global-outlined v-else style="margin-right: 5px"/>
+                {{ opt.name || opt.description }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="enable" ref="enable" v-if="apiParams.enable">
+          <template #label>
+            <tooltip-label :title="$t('label.enable.network.offering')" :tooltip="apiParams.enable.description"/>
+          </template>
+          <a-switch v-model:checked="form.enable"/>
+        </a-form-item>
+        <div :span="24" class="action-button">
+          <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+          <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+        </div>
+      </a-form>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { getAPI, postAPI } from '@/api'
+import { isAdmin } from '@/role'
+import { mixinForm } from '@/utils/mixin'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import CheckBoxSelectPair from '@/components/CheckBoxSelectPair'
+import { BlockOutlined, GlobalOutlined } from '@ant-design/icons-vue'
+import { buildServiceCapabilityParams } from '@/composables/useServiceCapabilityParams'
+
+export default {
+  name: 'CloneNetworkOffering',
+  mixins: [mixinForm],
+  components: {
+    ResourceIcon,
+    TooltipLabel,
+    CheckBoxSelectPair,
+    BlockOutlined,
+    GlobalOutlined
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      loading: false,
+      VPCVR: {
+        name: 'VPCVirtualRouter',
+        description: 'VPCVirtualRouter',
+        enabled: true
+      },
+      VR: {
+        name: 'VirtualRouter',
+        description: 'VirtualRouter',
+        enabled: true
+      },
+      NSX: {
+        name: 'Nsx',
+        description: 'Nsx',
+        enabled: true
+      },
+      Netris: {
+        name: 'Netris',
+        description: 'Netris',
+        enabled: true
+      },
+      nsxSupportedServicesMap: {},
+      netrisSupportedServicesMap: {},
+      // supported services backup
+      supportedSvcs: [],
+      guestType: 'isolated',
+      forVpc: false,
+      provider: '',
+      networkmode: '',
+      routingMode: 'static',
+      internetProtocolValue: 'ipv4',
+      networkmodes: [
+        {
+          id: 0,
+          name: 'NATTED'
+        },
+        {
+          id: 1,
+          name: 'ROUTED'
+        }
+      ],
+      supportedServices: [],
+      supportedServiceLoading: false,
+      servicesReady: false,
+      selectedServiceProviderMap: {},
+      serviceProviderMap: {},
+      serviceOfferings: [],
+      serviceOfferingLoading: false,
+      isVirtualRouterForAtLeastOneService: false,
+      isVpcVirtualRouterForAtLeastOneService: false,
+      requiredNetworkOfferingExists: false,
+      sourceNatServiceChecked: false,
+      lbServiceChecked: false,
+      lbServiceProvider: '',
+      firewallServiceChecked: false,
+      firewallServiceProvider: '',
+      staticNatServiceChecked: false,
+      staticNatServiceProvider: '',
+      connectivityServiceChecked: false,
+      isElasticIp: false,
+      registeredServicePackages: [],
+      registeredServicePackageLoading: false,
+      isPublic: true,
+      domains: [],
+      domainLoading: false,
+      zones: [],
+      zoneLoading: false,
+      ipv6NetworkOfferingEnabled: false
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('cloneNetworkOffering')
+  },
+  watch: {
+    'form.elasticip' (newVal) {
+      this.isElasticIp = newVal
+    }
+  },
+  async created () {
+    this.zones = [
+      {
+        id: null,
+        name: this.$t('label.all.zone')
+      }
+    ]
+    this.isPublic = isAdmin()
+    this.initForm()
+    await this.checkRequiredNetworkOfferingExists()
+    this.fetchSupportedServices()
+    this.fetchServiceOfferingData()
+    this.fetchDomainData()
+    this.fetchZoneData()
+    this.fetchIpv6NetworkOfferingConfiguration()
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({
+        guestiptype: this.guestType,
+        internetprotocol: 'ipv4',
+        forvpc: false,
+        provider: '',
+        networkmode: '',
+        routingmode: 'static',
+        lbtype: 'publicLb',
+        userdatal2: false,
+        availability: 'Optional',
+        conservemode: true,
+        ispersistent: false,
+        specifyvlan: false,
+        specifyipranges: false,
+        egressdefaultpolicy: 'deny',
+        enable: false,
+        promiscuousmode: '',
+        macaddresschanges: '',
+        forgedtransmits: '',
+        maclearning: '',
+        ispublic: this.isPublic,
+        domainid: [],
+        zoneid: [],
+        redundantroutercapability: false,
+        sourcenattype: 'peraccount',
+        vmautoscalingcapability: true,
+        elasticlb: false,
+        inlinemode: 'false',
+        elasticip: false,
+        associatepublicip: false,
+        supportsstrechedl2subnet: false,
+        isolation: 'dedicated',
+        netscalerservicepackages: null,
+        netscalerservicepackagesdescription: '',
+        nsxsupportlb: true,
+        nsxsupportsinternallb: false
+      })
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.required.input') }],
+        networkrate: [{
+          validator: async (rule, value) => {
+            if (value && (isNaN(value) || value < 0)) {
+              return Promise.reject(this.$t('message.validate.number'))
+            }
+            return Promise.resolve()
+          }
+        }],
+        domainid: [{ type: 'array', required: true, message: this.$t('message.error.select') }],
+        zoneid: [{
+          type: 'array',
+          validator: async (rule, value) => {
+            if (value && value.length > 1 && value.indexOf(0) !== -1) {
+              return Promise.reject(this.$t('message.error.zone.combined'))
+            }
+            return Promise.resolve()
+          }
+        }]
+      })
+    },
+    fetchServiceOfferingData () {
+      this.serviceOfferingLoading = true
+      getAPI('listServiceOfferings', { issystem: true, systemvmtype: 'domainrouter' }).then(json => {
+        this.serviceOfferings = json.listserviceofferingsresponse.serviceoffering || []
+      }).finally(() => {
+        this.serviceOfferingLoading = false
+      })
+    },
+    fetchSupportedServices () {
+      this.supportedServiceLoading = true
+      getAPI('listSupportedNetworkServices', {}).then(json => {
+        this.supportedServices = json.listsupportednetworkservicesresponse.networkservice || []
+
+        for (const i in this.supportedServices) {
+          const networkServiceObj = this.supportedServices[i]
+          const serviceName = networkServiceObj.name
+          const serviceDisplayName = serviceName
+
+          const providers = []
+          for (const j in this.supportedServices[i].provider) {
+            const provider = this.supportedServices[i].provider[j]
+            providers.push({
+              name: provider.name,
+              enabled: true
+            })
+          }
+
+          this.supportedServices[i].provider = providers
+          this.supportedServices[i].description = serviceDisplayName
+        }
+
+        this.supportedSvcs = this.supportedServices.slice()
+        this.populateFormFromResource()
+        this.updateSupportedServices()
+      }).finally(() => {
+        this.supportedServiceLoading = false
+      })
+    },
+    handleLbTypeChange (lbType) {
+      this.lbType = lbType
+      // Enable InternalLbVm provider for Lb service if internalLb is selected
+      if (lbType === 'internalLb') {
+        this.supportedServices = this.supportedServices.map(svc => {
+          if (svc.name === 'Lb') {
+            const providers = svc.provider.map(provider => {
+              provider.enabled = provider.name === 'InternalLbVm'
+              this.lbServiceProvider = provider
+              return provider
+            })
+            return { ...svc, provider: providers, defaultChecked: true, selectedProvider: 'InternalLbVm' }
+          }
+          return svc
+        })
+        this.selectedServiceProviderMap.Lb = 'InternalLbVm'
+      } else {
+        // Revert to default providers for Lb service
+        this.supportedServices = this.supportedServices.map(svc => {
+          if (svc.name === 'Lb') {
+            const providers = svc.provider.map(provider => {
+              provider.enabled = provider.name !== 'InternalLbVm'
+              return provider
+            })
+            // Pick the first enabled provider as selected
+            const firstEnabled = providers.find(p => p.enabled)
+            return { ...svc, provider: providers, defaultChecked: !!firstEnabled, selectedProvider: firstEnabled ? firstEnabled.name : null }
+          }
+          return svc
+        })
+        // Update selectedServiceProviderMap for Lb
+        const lbSvc = this.supportedServices.find(svc => svc.name === 'Lb')
+        if (lbSvc && lbSvc.selectedProvider) {
+          this.selectedServiceProviderMap.Lb = lbSvc.selectedProvider
+        } else {
+          delete this.selectedServiceProviderMap.Lb
+        }
+      }
+      this.updateSupportedServices()
+    },
+    populateFormFromResource () {
+      if (!this.resource) return
+
+      const r = this.resource
+      this.form.name = r.name + ' - Clone'
+      this.form.displaytext = r.displaytext || r.name
+
+      if (r.guestiptype) {
+        this.guestType = r.guestiptype.toLowerCase()
+        this.form.guestiptype = r.guestiptype.toLowerCase()
+
+        if (this.guestType === 'l2' && r.service && Array.isArray(r.service)) {
+          this.form.userdatal2 = r.service.some(svc => svc.name === 'UserData')
+        }
+      }
+      if (r.internetprotocol) {
+        this.form.internetprotocol = r.internetprotocol.toLowerCase()
+        this.internetProtocolValue = r.internetprotocol.toLowerCase()
+      }
+      if (r.forvpc !== undefined) {
+        this.forVpc = r.forvpc
+        this.form.forvpc = r.forvpc
+      }
+
+      if (r.service && Array.isArray(r.service)) {
+        // Prefer provider from NetworkACL service if present (for NSX/Netris), else scan other services
+        let detectedProvider = null
+        const networkAclService = r.service.find(svc => svc.name === 'NetworkACL')
+        if (networkAclService && networkAclService.provider && networkAclService.provider.length > 0) {
+          const provName = (networkAclService.provider[0].name || '').toLowerCase()
+          if (provName === 'nsx') detectedProvider = 'NSX'
+          else if (provName === 'netris') detectedProvider = 'Netris'
+        }
+
+        if (!detectedProvider) {
+          // fallback: detect provider (Nsx/Netris) from any service provider in the source offering
+          for (const svc of r.service) {
+            if (svc.provider && Array.isArray(svc.provider) && svc.provider.length > 0) {
+              const provName = (svc.provider[0].name || '').toLowerCase()
+              if (provName === 'nsx') {
+                detectedProvider = 'NSX'
+                break
+              } else if (provName === 'netris') {
+                detectedProvider = 'Netris'
+                break
+              }
+            }
+          }
+        }
+
+        if (detectedProvider) {
+          this.provider = detectedProvider
+          this.form.provider = detectedProvider
+          if (detectedProvider === 'NSX') {
+            this.nsxSupportedServicesMap = {}
+            for (const svc of r.service) {
+              if (svc.provider && svc.provider.length > 0) {
+                const provName = svc.provider[0].name
+                if (provName && provName.toLowerCase() === 'nsx') {
+                  this.nsxSupportedServicesMap[svc.name] = this.NSX
+                } else if (svc.name === 'Dhcp' || svc.name === 'Dns' || svc.name === 'UserData') {
+                  this.nsxSupportedServicesMap[svc.name] = this.forVpc ? this.VPCVR : this.VR
+                }
+              }
+            }
+            if (this.forVpc) {
+              this.nsxSupportedServicesMap.NetworkACL = this.NSX
+            } else {
+              this.nsxSupportedServicesMap.Firewall = this.NSX
+            }
+          }
+        }
+      }
+
+      if (r.networkmode) {
+        this.networkmode = r.networkmode
+        this.form.networkmode = r.networkmode
+      }
+
+      if (r.supportsinternallb) {
+        this.form.lbtype = 'internalLb'
+      }
+
+      if (r.availability) {
+        const isIsolatedWithSourceNat = this.guestType === 'isolated' &&
+                                        r.service &&
+                                        r.service.some(svc => svc.name === 'SourceNat')
+        if (isIsolatedWithSourceNat && this.requiredNetworkOfferingExists) {
+          this.form.availability = 'Optional'
+        } else {
+          this.form.availability = r.availability
+        }
+      }
+      if (r.tags) this.form.tags = r.tags
+      if (r.conservemode !== undefined) this.form.conservemode = r.conservemode
+      if (r.ispersistent !== undefined) this.form.ispersistent = r.ispersistent
+      if (r.specifyvlan !== undefined) this.form.specifyvlan = r.specifyvlan
+      if (r.specifyipranges !== undefined) this.form.specifyipranges = r.specifyipranges
+      if (r.egressdefaultpolicy !== undefined) {
+        this.form.egressdefaultpolicy = r.egressdefaultpolicy ? 'allow' : 'deny'
+      }
+      if (r.networkrate) this.form.networkrate = r.networkrate
+      if (r.serviceofferingid) this.form.serviceofferingid = r.serviceofferingid
+
+      if (r.details) {
+        if (r.details.promiscuousmode) this.form.promiscuousmode = r.details.promiscuousmode
+        if (r.details.macaddresschanges) this.form.macaddresschanges = r.details.macaddresschanges
+        if (r.details.forgedtransmits) this.form.forgedtransmits = r.details.forgedtransmits
+        if (r.details.maclearning) this.form.maclearning = r.details.maclearning
+      }
+
+      this.forVpc = r.forvpc || false
+
+      if (r.service && Array.isArray(r.service)) {
+        const sourceServiceMap = {}
+        r.service.forEach(svc => {
+          if (svc.provider && svc.provider.length > 0) {
+            const providerName = svc.provider[0].name
+            sourceServiceMap[svc.name] = providerName
+          }
+        })
+
+        this.serviceProviderMap = sourceServiceMap
+
+        const updatedServices = this.supportedServices.map(svc => {
+          const serviceCopy = { ...svc, provider: [...svc.provider] }
+
+          if (sourceServiceMap[serviceCopy.name]) {
+            const providerName = sourceServiceMap[serviceCopy.name]
+
+            const providerIndex = serviceCopy.provider.findIndex(p => p.name === providerName)
+
+            if (providerIndex > 0) {
+              const targetProvider = serviceCopy.provider[providerIndex]
+              serviceCopy.provider.splice(providerIndex, 1)
+              serviceCopy.provider.unshift(targetProvider)
+            }
+
+            serviceCopy.defaultChecked = true
+            serviceCopy.selectedProvider = providerName
+            this.selectedServiceProviderMap[serviceCopy.name] = providerName
+          } else {
+            serviceCopy.defaultChecked = false
+            serviceCopy.selectedProvider = null
+          }
+          return serviceCopy
+        })
+
+        this.supportedServices = updatedServices
+        this.supportedSvcs = updatedServices.map(svc => ({ ...svc }))
+
+        this.sourceNatServiceChecked = !!this.selectedServiceProviderMap.SourceNat
+        this.lbServiceChecked = !!this.selectedServiceProviderMap.Lb
+        this.lbServiceProvider = this.selectedServiceProviderMap.Lb || ''
+        this.firewallServiceChecked = !!this.selectedServiceProviderMap.Firewall
+        this.firewallServiceProvider = this.selectedServiceProviderMap.Firewall || ''
+        this.staticNatServiceChecked = !!this.selectedServiceProviderMap.StaticNat
+        this.staticNatServiceProvider = this.selectedServiceProviderMap.StaticNat || ''
+        this.connectivityServiceChecked = !!this.selectedServiceProviderMap.Connectivity
+
+        this.$nextTick(() => {
+          this.servicesReady = true
+          this.$nextTick(() => {
+            this.checkVirtualRouterForServices()
+          })
+        })
+      }
+      if (this.provider === 'NSX') {
+        this.form.nsxsupportlb = Boolean(this.serviceProviderMap.Lb)
+        this.form.nsxsupportsinternallb = Boolean(r.nsxsupportsinternallb)
+        this.handleNsxLbService(this.form.nsxsupportlb)
+      }
+    },
+    updateSupportedServices () {
+      const supportedServices = this.supportedServices || []
+      if (!this.supportedSvcs || this.supportedSvcs.length === 0) {
+        this.supportedSvcs = supportedServices.slice()
+      }
+
+      if (this.provider !== 'NSX' && this.provider !== 'Netris') {
+        const filtered = supportedServices.map(svc => {
+          if (svc.name !== 'Connectivity') {
+            const providers = svc.provider.map(provider => {
+              if (this.forVpc) {
+                const enabledProviders = ['VpcVirtualRouter', 'Netscaler', 'BigSwitchBcf', 'ConfigDrive']
+                if (self.lbType === 'internalLb') {
+                  enabledProviders.push('InternalLbVm')
+                }
+                provider.enabled = enabledProviders.includes(provider.name)
+              } else {
+                provider.enabled = !['InternalLbVm', 'VpcVirtualRouter', 'Nsx', 'Netris'].includes(provider.name)
+              }
+              return provider
+            })
+            return { ...svc, provider: providers }
+          }
+          return svc
+        })
+        this.supportedServices = filtered
+      } else {
+        let svcMap = this.provider === 'NSX' ? this.nsxSupportedServicesMap : this.netrisSupportedServicesMap
+        if (!svcMap || Object.keys(svcMap).length === 0) {
+          svcMap = {}
+          const forVpc = this.forVpc
+          const baseProvider = this.provider === 'NSX' ? this.NSX : this.Netris
+          const vrProvider = forVpc ? this.VPCVR : this.VR
+          svcMap.Dhcp = vrProvider
+          svcMap.Dns = vrProvider
+          svcMap.UserData = vrProvider
+          if (this.networkmode === 'NATTED') {
+            svcMap.SourceNat = baseProvider
+            svcMap.StaticNat = baseProvider
+            svcMap.PortForwarding = baseProvider
+            svcMap.Lb = baseProvider
+          }
+          if (forVpc) {
+            svcMap.NetworkACL = baseProvider
+          } else {
+            svcMap.Firewall = baseProvider
+          }
+        }
+
+        const filtered = this.supportedSvcs.filter(svc => Object.keys(svcMap).includes(svc.name))
+          .map(svc => {
+            const preserveSelected = svc.selectedProvider !== undefined ? { defaultChecked: svc.defaultChecked, selectedProvider: svc.selectedProvider } : {}
+            const mappedProvider = svcMap[svc.name]
+            if (!['Dhcp', 'Dns', 'UserData'].includes(svc.name)) {
+              return { ...svc, provider: [mappedProvider], ...preserveSelected }
+            }
+            return { ...svc, provider: [mappedProvider], ...preserveSelected }
+          })
+        this.supportedServices = filtered
+        const newSelectedMap = {}
+        for (const svc of filtered) {
+          const mappedProvider = svc.provider && svc.provider[0]
+          const providerName = svc.selectedProvider || (mappedProvider && mappedProvider.name) || null
+          if (providerName) {
+            newSelectedMap[svc.name] = providerName
+          }
+        }
+        this.selectedServiceProviderMap = newSelectedMap
+      }
+    },
+    checkVirtualRouterForServices () {
+      this.isVirtualRouterForAtLeastOneService = false
+      this.isVpcVirtualRouterForAtLeastOneService = false
+      for (const service in this.selectedServiceProviderMap) {
+        const provider = this.selectedServiceProviderMap[service]
+        if (provider === 'VirtualRouter') {
+          this.isVirtualRouterForAtLeastOneService = true
+        } else if (provider === 'VpcVirtualRouter') {
+          this.isVirtualRouterForAtLeastOneService = true
+          this.isVpcVirtualRouterForAtLeastOneService = true
+        }
+      }
+    },
+    handleGuestTypeChange (val) {
+      this.guestType = val
+    },
+    handleForVpcChange (val) {
+      this.forVpc = val
+      this.updateSupportedServices()
+    },
+    handleNsxLbService (supportLb) {
+      const forVpc = this.forVpc
+      const baseProvider = this.NSX
+      const vrProvider = forVpc ? this.VPCVR : this.VR
+
+      const map = {
+        Dhcp: vrProvider,
+        Dns: vrProvider,
+        UserData: vrProvider
+      }
+      const wantSourceNat = this.networkmode === 'NATTED' || !!this.serviceProviderMap.SourceNat
+      const wantStaticNat = this.networkmode === 'NATTED' || !!this.serviceProviderMap.StaticNat
+      const wantPortForwarding = this.networkmode === 'NATTED' || !!this.serviceProviderMap.PortForwarding
+      const wantLb = supportLb || !!this.serviceProviderMap.Lb
+
+      if (wantSourceNat) map.SourceNat = baseProvider
+      if (wantStaticNat) map.StaticNat = baseProvider
+      if (wantPortForwarding) map.PortForwarding = baseProvider
+      if (wantLb) map.Lb = baseProvider
+
+      if (forVpc) map.NetworkACL = baseProvider
+      else map.Firewall = baseProvider
+
+      this.nsxSupportedServicesMap = map
+      this.updateSupportedServices()
+    },
+    handleForNetworkModeChange (val) {
+      this.networkmode = val
+
+      const routedExcludedServices = ['SourceNat', 'StaticNat', 'Lb', 'PortForwarding', 'Vpn']
+
+      if (val === 'ROUTED' && this.guestType === 'isolated') {
+        routedExcludedServices.forEach(service => {
+          if (this.selectedServiceProviderMap[service]) {
+            this.handleSupportedServiceChange(service, false, null)
+          }
+        })
+
+        this.supportedServices = this.supportedServices.map(svc => {
+          if (routedExcludedServices.includes(svc.name)) {
+            return {
+              ...svc,
+              defaultChecked: false,
+              selectedProvider: null
+            }
+          }
+          return svc
+        })
+      } else if (val === 'NATTED') {
+        routedExcludedServices.forEach(service => {
+          if (!this.selectedServiceProviderMap[service] && this.serviceProviderMap[service]) {
+            const provider = this.serviceProviderMap[service]
+            this.handleSupportedServiceChange(service, true, provider)
+          }
+        })
+
+        this.supportedServices = this.supportedServices.map(svc => {
+          if (routedExcludedServices.includes(svc.name) && this.serviceProviderMap[svc.name]) {
+            return {
+              ...svc,
+              defaultChecked: true,
+              selectedProvider: this.serviceProviderMap[svc.name]
+            }
+          }
+          return svc
+        })
+      }
+    },
+    isAdmin () {
+      return isAdmin()
+    },
+    fetchDomainData () {
+      const params = {}
+      params.listAll = true
+      params.showicon = true
+      params.details = 'min'
+      this.domainLoading = true
+      getAPI('listDomains', params).then(json => {
+        const listDomains = json.listdomainsresponse.domain
+        this.domains = this.domains.concat(listDomains)
+      }).finally(() => {
+        this.domainLoading = false
+      })
+    },
+    fetchZoneData () {
+      const params = {}
+      params.showicon = true
+      this.zoneLoading = true
+      getAPI('listZones', params).then(json => {
+        const listZones = json.listzonesresponse.zone
+        if (listZones) {
+          this.zones = this.zones.concat(listZones)
+        }
+      }).finally(() => {
+        this.zoneLoading = false
+      })
+    },
+    checkRequiredNetworkOfferingExists () {
+      return getAPI('listNetworkOfferings', {
+        guestiptype: 'Isolated',
+        sourcenatsupported: true,
+        availability: 'Required',
+        state: 'Enabled'
+      }).then(json => {
+        const offerings = json.listnetworkofferingsresponse.networkoffering || []
+        this.requiredNetworkOfferingExists = offerings.length > 0
+        return this.requiredNetworkOfferingExists
+      }).catch(error => {
+        console.error('checkRequiredNetworkOfferingExists: Error checking for required offerings:', error)
+        this.requiredNetworkOfferingExists = false
+        return false
+      })
+    },
+    fetchIpv6NetworkOfferingConfiguration () {
+      this.ipv6NetworkOfferingEnabled = false
+      const params = { name: 'ipv6.offering.enabled' }
+      getAPI('listConfigurations', params).then(json => {
+        const value = json?.listconfigurationsresponse?.configuration?.[0].value || null
+        this.ipv6NetworkOfferingEnabled = value === 'true'
+      })
+    },
+    fetchRegisteredServicePackages () {
+      this.registeredServicePackageLoading = true
+      getAPI('listRegisteredServicePackages', {}).then(json => {
+        this.registeredServicePackages = json.listregisteredservicepackage?.registeredServicePackage || []
+      }).finally(() => {
+        this.registeredServicePackageLoading = false
+      })
+    },
+    handleSupportedServiceChange (service, checked, provider) {
+      if (checked) {
+        const correctProvider = this.serviceProviderMap[service]
+        if (correctProvider && provider !== correctProvider) {
+          this.selectedServiceProviderMap[service] = correctProvider
+        } else {
+          this.selectedServiceProviderMap[service] = provider
+        }
+      } else {
+        delete this.selectedServiceProviderMap[service]
+      }
+
+      if (service === 'SourceNat') {
+        this.sourceNatServiceChecked = checked
+      } else if (service === 'Lb') {
+        this.lbServiceChecked = checked
+        this.lbServiceProvider = checked ? provider : ''
+        if (checked && provider === 'Netscaler') {
+          this.fetchRegisteredServicePackages()
+        }
+      } else if (service === 'Firewall') {
+        this.firewallServiceChecked = checked
+        this.firewallServiceProvider = checked ? provider : ''
+      } else if (service === 'StaticNat') {
+        this.staticNatServiceChecked = checked
+        this.staticNatServiceProvider = checked ? provider : ''
+      } else if (service === 'Connectivity') {
+        this.connectivityServiceChecked = checked
+      }
+
+      this.checkVirtualRouterForServices()
+    },
+    handleSubmit (e) {
+      if (e) {
+        e.preventDefault()
+      }
+      if (this.loading) return
+
+      this.formRef.value.validate().then(() => {
+        const formRaw = toRaw(this.form)
+        const values = this.handleRemoveFields(formRaw)
+
+        const params = {
+          sourceofferingid: this.resource.id,
+          name: values.name
+        }
+
+        if (values.displaytext) {
+          params.displaytext = values.displaytext
+        }
+
+        const forNsx = values.provider === 'NSX'
+        if (forNsx) {
+          params.provider = 'NSX'
+          params.nsxsupportlb = values.nsxsupportlb
+          if ('nsxsupportsinternallb' in values) {
+            params.nsxsupportsinternallb = values.nsxsupportsinternallb
+          }
+        }
+        const forNetris = values.provider === 'Netris'
+        if (forNetris) {
+          params.provider = 'Netris'
+        }
+
+        if (values.guestiptype) {
+          params.guestiptype = values.guestiptype
+        }
+
+        // Use composable for service capability params
+        if (this.selectedServiceProviderMap != null) {
+          buildServiceCapabilityParams(params, values, this.selectedServiceProviderMap, this.registeredServicePackages)
+        } else {
+          if (!('supportedservices' in params)) {
+            params.supportedservices = ''
+          }
+        }
+
+        if (values.guestiptype === 'l2' && values.userdatal2 === true) {
+          params.supportedservices = 'UserData'
+        }
+
+        if (values.availability) {
+          params.availability = values.availability
+        }
+        if (values.tags) {
+          params.tags = values.tags
+        }
+        if (values.specifyvlan !== undefined) {
+          params.specifyvlan = values.specifyvlan
+        }
+        if (values.conservemode !== undefined) {
+          params.conservemode = values.conservemode
+        }
+        if (values.ispersistent !== undefined) {
+          params.ispersistent = values.ispersistent
+        }
+        if (values.specifyipranges !== undefined) {
+          params.specifyipranges = values.specifyipranges
+        }
+        if (values.egressdefaultpolicy !== undefined) {
+          params.egressdefaultpolicy = values.egressdefaultpolicy
+        }
+        if (values.networkrate) {
+          params.networkrate = values.networkrate
+        }
+        if (values.serviceofferingid) {
+          params.serviceofferingid = values.serviceofferingid
+        }
+        if (values.enable !== undefined) {
+          params.enable = values.enable
+        }
+
+        if (values.ispublic !== true) {
+          const domainIndexes = values.domainid
+          let domainId = null
+          if (domainIndexes && domainIndexes.length > 0) {
+            const domainIds = []
+            for (let i = 0; i < domainIndexes.length; i++) {
+              domainIds.push(this.domains[domainIndexes[i]].id)
+            }
+            domainId = domainIds.join(',')
+          }
+          if (domainId) {
+            params.domainid = domainId
+          }
+        }
+        if (values.networkmode) {
+          params.networkmode = values.networkmode
+        }
+
+        const zoneIndexes = values.zoneid
+        let zoneId = null
+        if (zoneIndexes && zoneIndexes.length > 0) {
+          const zoneIds = []
+          for (let j = 0; j < zoneIndexes.length; j++) {
+            zoneIds.push(this.zones[zoneIndexes[j]].id)
+          }
+          zoneId = zoneIds.join(',')
+        }
+        if (zoneId) {
+          params.zoneid = zoneId
+        }
+
+        params.traffictype = this.resource.traffictype || 'GUEST'
+
+        let detailsIndex = 0
+        if (values.promiscuousmode && values.promiscuousmode !== '') {
+          params['details[' + detailsIndex + '].key'] = 'promiscuousmode'
+          params['details[' + detailsIndex + '].value'] = values.promiscuousmode
+          detailsIndex++
+        }
+        if (values.macaddresschanges && values.macaddresschanges !== '') {
+          params['details[' + detailsIndex + '].key'] = 'macaddresschanges'
+          params['details[' + detailsIndex + '].value'] = values.macaddresschanges
+          detailsIndex++
+        }
+        if (values.forgedtransmits && values.forgedtransmits !== '') {
+          params['details[' + detailsIndex + '].key'] = 'forgedtransmits'
+          params['details[' + detailsIndex + '].value'] = values.forgedtransmits
+          detailsIndex++
+        }
+        if (values.maclearning && values.maclearning !== '') {
+          params['details[' + detailsIndex + '].key'] = 'maclearning'
+          params['details[' + detailsIndex + '].value'] = values.maclearning
+          detailsIndex++
+        }
+
+        this.loading = true
+        postAPI('cloneNetworkOffering', params).then(json => {
+          this.$message.success(`${this.$t('message.success.clone.network.offering')} ${values.name}`)
+          this.$emit('refresh-data')
+          this.closeAction()
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      }).catch(error => {
+        this.formRef.value.scrollToField(error.errorFields[0].name)
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    }
+  }
+}
+</script>
+
+<style scoped lang="less">
+  .form-layout {
+    width: 80vw;
+
+    @media (min-width: 700px) {
+      width: 550px;
+    }
+  }
+
+  .supported-services-container {
+    height: 250px;
+    overflow-y: scroll;
+  }
+</style>
diff --git a/ui/src/views/offering/CloneVpcOffering.vue b/ui/src/views/offering/CloneVpcOffering.vue
new file mode 100644
index 000000000000..cecc0c600b57
--- /dev/null
+++ b/ui/src/views/offering/CloneVpcOffering.vue
@@ -0,0 +1,854 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+<template>
+  <div class="form-layout" v-ctrl-enter="handleSubmit">
+    <a-spin :spinning="loading">
+      <a-alert
+        v-if="resource"
+        type="info"
+        style="margin-bottom: 16px">
+        <template #message>
+          <div style="display: block; width: 100%;">
+            <div style="display: block; margin-bottom: 8px;">
+              <strong>{{ $t('message.clone.offering.from') }}: {{ resource.name }}</strong>
+            </div>
+            <div style="display: block; font-size: 12px;">
+              {{ $t('message.clone.offering.edit.hint') }}
+            </div>
+          </div>
+        </template>
+      </a-alert>
+      <a-form
+        :ref="formRef"
+        :model="form"
+        :rules="rules"
+        @finish="handleSubmit"
+        layout="vertical"
+       >
+        <a-form-item name="name" ref="name">
+          <template #label>
+            <tooltip-label :title="$t('label.name')" :tooltip="apiParams.name.description"/>
+          </template>
+          <a-input
+            v-focus="true"
+            v-model:value="form.name"
+            :placeholder="apiParams.name.description"/>
+        </a-form-item>
+        <a-form-item name="displaytext" ref="displaytext">
+          <template #label>
+            <tooltip-label :title="$t('label.displaytext')" :tooltip="apiParams.displaytext.description"/>
+          </template>
+          <a-input
+            v-model:value="form.displaytext"
+            :placeholder="apiParams.displaytext.description"/>
+        </a-form-item>
+        <a-form-item name="internetprotocol" ref="internetprotocol">
+          <template #label>
+            <tooltip-label :title="$t('label.internetprotocol')" :tooltip="apiParams.internetprotocol.description"/>
+          </template>
+          <span v-if="!ipv6NetworkOfferingEnabled || internetProtocolValue!=='ipv4'">
+            <a-alert type="warning">
+              <template #message>
+                <span v-html="ipv6NetworkOfferingEnabled ? $t('message.offering.internet.protocol.warning') : $t('message.offering.ipv6.warning')" />
+              </template>
+            </a-alert>
+            <br/>
+          </span>
+          <a-radio-group
+            v-model:value="form.internetprotocol"
+            :disabled="!ipv6NetworkOfferingEnabled"
+            buttonStyle="solid"
+            @change="e => { internetProtocolValue = e.target.value }" >
+            <a-radio-button value="ipv4">
+              {{ $t('label.ip.v4') }}
+            </a-radio-button>
+            <a-radio-button value="dualstack">
+              {{ $t('label.ip.v4.v6') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-row :gutter="12">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="provider" ref="provider">
+              <template #label>
+                <tooltip-label :title="$t('label.provider')" :tooltip="apiParams.provider.description"/>
+              </template>
+              <a-select
+                v-model:value="form.provider"
+                @change="val => handleProviderChange(val)"
+                showSearch
+                disabled
+                optionFilterProp="label"
+                :filterOption="(input, option) => {
+                  return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+                }"
+                :placeholder="apiParams.provider.description" >
+                <a-select-option key="" value="">{{ $t('label.none') }}</a-select-option>
+                <a-select-option :value="'NSX'" :label="$t('label.nsx')"> {{ $t('label.nsx') }} </a-select-option>
+                <a-select-option :value="'Netris'" :label="$t('label.netris')"> {{ $t('label.netris') }} </a-select-option>
+              </a-select>
+            </a-form-item>
+          </a-col>
+          <a-col :md="12" :lg="12" v-if="form.provider === 'NSX'">
+            <a-form-item name="nsxsupportlb" ref="nsxsupportlb">
+              <template #label>
+                <tooltip-label :title="$t('label.nsx.supports.lb')" :tooltip="apiParams.nsxsupportlb.description"/>
+              </template>
+              <a-switch v-model:checked="form.nsxsupportlb" @change="val => { handleNsxLbService(val) }" />
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <a-row :gutter="12" v-if="routingMode === 'dynamic' && form.provider === 'NSX'">
+          <a-col :md="12" :lg="12">
+            <a-form-item name="specifyasnumber" ref="specifyasnumber">
+              <template #label>
+                <tooltip-label :title="$t('label.specifyasnumber')"/>
+              </template>
+              <a-switch v-model:checked="form.specifyasnumber" />
+            </a-form-item>
+          </a-col>
+        </a-row>
+        <a-form-item name="networkmode" ref="networkmode">
+          <template #label>
+            <tooltip-label :title="$t('label.networkmode')" :tooltip="apiParams.networkmode.description"/>
+          </template>
+          <a-select
+            optionFilterProp="label"
+            v-model:value="form.networkmode"
+            :disabled="provider === 'NSX' || provider === 'Netris'"
+            @change="val => { handleForNetworkModeChange(val) }"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :placeholder="apiParams.networkmode.description">
+            <a-select-option v-for="(opt) in networkmodes" :key="opt.name" :label="opt.name">
+              {{ opt.name }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="routingmode" ref="routingmode" v-if="networkmode === 'ROUTED' || internetProtocolValue === 'ipv6' || internetProtocolValue === 'dualstack'">
+          <template #label>
+            <tooltip-label :title="$t('label.routingmode')" :tooltip="apiParams.routingmode.description"/>
+          </template>
+          <a-radio-group
+            v-model:value="form.routingmode"
+            buttonStyle="solid"
+            @change="selected => { routingMode = selected.target.value }">
+            <a-radio-button value="static">
+              {{ $t('label.static') }}
+            </a-radio-button>
+            <a-radio-button value="dynamic">
+              {{ $t('label.dynamic') }}
+            </a-radio-button>
+          </a-radio-group>
+        </a-form-item>
+        <a-form-item>
+          <template #label>
+            <tooltip-label :title="$t('label.supportedservices')" :tooltip="apiParams.supportedservices ? apiParams.supportedservices.description : ''"/>
+          </template>
+          <div class="supported-services-container" scroll-to="last-child">
+            <a-spin v-if="!servicesReady" :spinning="true" />
+            <a-list v-else itemLayout="horizontal" :dataSource="supportedServices">
+              <template #renderItem="{ item }">
+                <a-list-item>
+                  <CheckBoxSelectPair
+                    :key="`${item.name}-${item.selectedProvider || 'none'}`"
+                    :resourceKey="item.name"
+                    :checkBoxLabel="item.description"
+                    :forExternalNetProvider="form.provider === 'NSX' || form.provider === 'Netris'"
+                    :defaultCheckBoxValue="item.defaultChecked"
+                    :defaultSelectValue="item.selectedProvider"
+                    :selectOptions="item.provider"
+                    @handle-checkselectpair-change="handleSupportedServiceChange"/>
+                </a-list-item>
+              </template>
+            </a-list>
+          </div>
+        </a-form-item>
+        <a-form-item name="regionlevelvpc" ref="regionlevelvpc" :label="$t('label.service.connectivity.regionlevelvpccapabilitycheckbox')" v-if="connectivityServiceChecked">
+          <a-switch v-model:checked="form.regionlevelvpc" />
+        </a-form-item>
+        <a-form-item name="distributedrouter" ref="distributedrouter" :label="$t('label.service.connectivity.distributedroutercapabilitycheckbox')" v-if="connectivityServiceChecked">
+          <a-switch v-model:checked="form.distributedrouter" />
+        </a-form-item>
+        <a-form-item name="redundantrouter" ref="redundantrouter" :label="$t('label.redundantrouter')" v-if="sourceNatServiceChecked">
+          <a-switch v-model:checked="form.redundantrouter" />
+        </a-form-item>
+        <a-form-item name="serviceofferingid" ref="serviceofferingid">
+          <a-alert v-if="!isVpcVirtualRouterForAtLeastOneService" type="warning" style="margin-bottom: 10px">
+            <template #message>
+              <span v-html="$t('message.vr.alert.upon.network.offering.creation.others')" />
+            </template>
+          </a-alert>
+          <template #label>
+            <tooltip-label :title="$t('label.serviceofferingid')" :tooltip="apiParams.serviceofferingid.description"/>
+          </template>
+          <a-select
+            showSearch
+            optionFilterProp="label"
+            v-model:value="form.serviceofferingid"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="serviceOfferingLoading"
+            :placeholder="apiParams.serviceofferingid.description">
+            <a-select-option v-for="(opt) in serviceOfferings" :key="opt.id" :label="opt.name || opt.description">
+              {{ opt.name || opt.description }}
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
+          <a-switch v-model:checked="form.ispublic" @change="val => { isPublic = val }" />
+        </a-form-item>
+        <a-form-item name="domainid" ref="domainid" v-if="!isPublic">
+          <template #label>
+            <tooltip-label :title="$t('label.domainid')" :tooltip="apiParams.domainid.description"/>
+          </template>
+          <a-select
+            mode="multiple"
+            v-model:value="form.domainid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="domainLoading"
+            :placeholder="apiParams.domainid.description">
+            <a-select-option v-for="(opt, optIndex) in domains" :key="optIndex" :label="opt.path || opt.name || opt.description">
+              <span>
+                <resource-icon v-if="opt && opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <block-outlined v-else style="margin-right: 5px" />
+                {{ opt.path || opt.name || opt.description }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="zoneid" ref="zoneid">
+          <template #label>
+            <tooltip-label :title="$t('label.zoneid')" :tooltip="apiParams.zoneid.description"/>
+          </template>
+          <a-select
+            id="zone-selection"
+            mode="multiple"
+            v-model:value="form.zoneid"
+            showSearch
+            optionFilterProp="label"
+            :filterOption="(input, option) => {
+              return option.label.toLowerCase().indexOf(input.toLowerCase()) >= 0
+            }"
+            :loading="zoneLoading"
+            :placeholder="apiParams.zoneid.description">
+            <a-select-option v-for="(opt, optIndex) in zones" :key="optIndex" :label="opt.name || opt.description">
+              <span>
+                <resource-icon v-if="opt.icon" :image="opt.icon.base64image" size="1x" style="margin-right: 5px"/>
+                <global-outlined v-else style="margin-right: 5px"/>
+                {{ opt.name || opt.description }}
+              </span>
+            </a-select-option>
+          </a-select>
+        </a-form-item>
+        <a-form-item name="enable" ref="enable" v-if="apiParams.enable">
+          <template #label>
+            <tooltip-label :title="$t('label.enable.vpc.offering')" :tooltip="apiParams.enable.description"/>
+          </template>
+          <a-switch v-model:checked="form.enable" />
+        </a-form-item>
+      </a-form>
+      <div :span="24" class="action-button">
+        <a-button @click="closeAction">{{ $t('label.cancel') }}</a-button>
+        <a-button :loading="loading" ref="submit" type="primary" @click="handleSubmit">{{ $t('label.ok') }}</a-button>
+      </div>
+    </a-spin>
+  </div>
+</template>
+
+<script>
+import { ref, reactive, toRaw } from 'vue'
+import { getAPI, postAPI } from '@/api'
+import { isAdmin } from '@/role'
+import { mixinForm } from '@/utils/mixin'
+import CheckBoxSelectPair from '@/components/CheckBoxSelectPair'
+import ResourceIcon from '@/components/view/ResourceIcon'
+import TooltipLabel from '@/components/widgets/TooltipLabel'
+import { BlockOutlined, GlobalOutlined } from '@ant-design/icons-vue'
+import { buildVpcServiceCapabilityParams } from '@/composables/useServiceCapabilityParams'
+
+export default {
+  name: 'CloneVpcOffering',
+  mixins: [mixinForm],
+  components: {
+    CheckBoxSelectPair,
+    ResourceIcon,
+    TooltipLabel,
+    BlockOutlined,
+    GlobalOutlined
+  },
+  props: {
+    resource: {
+      type: Object,
+      required: true
+    }
+  },
+  data () {
+    return {
+      selectedDomains: [],
+      selectedZones: [],
+      isConserveMode: true,
+      internetProtocolValue: 'ipv4',
+      domains: [],
+      domainLoading: false,
+      zones: [],
+      zoneLoading: false,
+      forNsx: false,
+      provider: '',
+      loading: false,
+      supportedServices: [],
+      supportedServiceLoading: false,
+      servicesReady: false,
+      serviceOfferings: [],
+      serviceOfferingLoading: false,
+      isVpcVirtualRouterForAtLeastOneService: false,
+      connectivityServiceChecked: false,
+      sourceNatServiceChecked: false,
+      selectedServiceProviderMap: {},
+      serviceProviderMap: {},
+      ipv6NetworkOfferingEnabled: false,
+      routedNetworkEnabled: false,
+      routingMode: 'static',
+      networkmode: '',
+      networkmodes: [
+        {
+          id: 0,
+          name: 'NATTED'
+        },
+        {
+          id: 1,
+          name: 'ROUTED'
+        }
+      ],
+      isPublic: true,
+      VPCVR: {
+        name: 'VpcVirtualRouter',
+        description: 'VpcVirtualRouter',
+        enabled: true
+      },
+      NSX: {
+        name: 'Nsx',
+        description: 'Nsx',
+        enabled: true
+      },
+      Netris: {
+        name: 'Netris',
+        description: 'Netris',
+        enabled: true
+      }
+    }
+  },
+  beforeCreate () {
+    this.apiParams = this.$getApiParams('cloneVPCOffering')
+  },
+  created () {
+    this.zones = [
+      {
+        id: null,
+        name: this.$t('label.all.zone')
+      }
+    ]
+    this.isPublic = isAdmin()
+    this.initForm()
+    this.fetchData()
+  },
+  methods: {
+    initForm () {
+      this.formRef = ref()
+      this.form = reactive({
+        regionlevelvpc: true,
+        distributedrouter: true,
+        ispublic: this.isPublic,
+        internetprotocol: this.internetProtocolValue,
+        nsxsupportlb: true,
+        routingmode: 'static',
+        domainid: [],
+        zoneid: []
+      })
+      this.rules = reactive({
+        name: [{ required: true, message: this.$t('message.error.name') }],
+        domainid: [{ type: 'array', required: true, message: this.$t('message.error.select') }],
+        zoneid: [{
+          type: 'array',
+          validator: async (rule, value) => {
+            if (value && value.length > 1 && value.indexOf(0) !== -1) {
+              return Promise.reject(this.$t('message.error.zone.combined'))
+            }
+            return Promise.resolve()
+          }
+        }]
+      })
+    },
+    fetchData () {
+      this.fetchDomainData()
+      this.fetchZoneData()
+      this.fetchIpv6NetworkOfferingConfiguration()
+      this.fetchRoutedNetworkConfiguration()
+      this.fetchSupportedServiceData()
+    },
+    isAdmin () {
+      return isAdmin()
+    },
+    fetchIpv6NetworkOfferingConfiguration () {
+      this.ipv6NetworkOfferingEnabled = false
+      const params = { name: 'ipv6.offering.enabled' }
+      getAPI('listConfigurations', params).then(json => {
+        const value = json?.listconfigurationsresponse?.configuration?.[0].value || null
+        this.ipv6NetworkOfferingEnabled = value === 'true'
+      })
+    },
+    fetchRoutedNetworkConfiguration () {
+      this.routedNetworkEnabled = false
+      const params = { name: 'routed.network.vpc.enabled' }
+      getAPI('listConfigurations', params).then(json => {
+        const value = json?.listconfigurationsresponse?.configuration?.[0].value || null
+        this.routedNetworkEnabled = value === 'true'
+        if (!this.routedNetworkEnabled) {
+          this.networkmodes.pop()
+        }
+      })
+    },
+    fetchDomainData () {
+      const params = {}
+      params.listAll = true
+      params.showicon = true
+      params.details = 'min'
+      this.domainLoading = true
+      getAPI('listDomains', params).then(json => {
+        const listDomains = json.listdomainsresponse.domain
+        this.domains = this.domains.concat(listDomains)
+      }).finally(() => {
+        this.domainLoading = false
+      })
+    },
+    fetchZoneData () {
+      const params = {}
+      params.showicon = true
+      this.zoneLoading = true
+      getAPI('listZones', params).then(json => {
+        const listZones = json.listzonesresponse.zone
+        if (listZones) {
+          this.zones = this.zones.concat(listZones)
+        }
+      }).finally(() => {
+        this.zoneLoading = false
+      })
+    },
+    fetchSupportedServiceData () {
+      this.supportedServiceLoading = true
+      getAPI('listSupportedNetworkServices', {}).then(json => {
+        const networkServices = json.listsupportednetworkservicesresponse.networkservice || []
+
+        let services = []
+        if (this.provider === 'NSX') {
+          services = this.buildNsxServices(networkServices)
+        } else if (this.provider === 'Netris') {
+          services = this.buildNetrisServices(networkServices)
+        } else {
+          services = this.buildDefaultServices(networkServices)
+        }
+
+        if (this.networkmode === 'ROUTED') {
+          services = services.filter(service => {
+            return !['SourceNat', 'StaticNat', 'Lb', 'PortForwarding', 'Vpn'].includes(service.name)
+          })
+          if (['NSX', 'Netris'].includes(this.provider)) {
+            services.push({
+              name: 'Gateway',
+              description: 'Gateway',
+              enabled: true,
+              provider: [{ name: this.provider }]
+            })
+          }
+        }
+
+        for (const i in services) {
+          services[i].description = services[i].name
+        }
+
+        this.supportedServices = services
+        this.supportedServiceLoading = false
+
+        this.$nextTick(() => {
+          this.populateFormFromResource()
+        })
+      })
+    },
+    buildNsxServices (networkServices) {
+      return [
+        { name: 'Dhcp', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] },
+        { name: 'Dns', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] },
+        { name: 'Lb', enabled: true, provider: [{ name: 'Nsx' }] },
+        { name: 'StaticNat', enabled: true, provider: [{ name: 'Nsx' }] },
+        { name: 'SourceNat', enabled: true, provider: [{ name: 'Nsx' }] },
+        { name: 'NetworkACL', enabled: true, provider: [{ name: 'Nsx' }] },
+        { name: 'PortForwarding', enabled: true, provider: [{ name: 'Nsx' }] },
+        { name: 'UserData', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] }
+      ]
+    },
+    buildNetrisServices (networkServices) {
+      return [
+        { name: 'Dhcp', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] },
+        { name: 'Dns', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] },
+        { name: 'Lb', enabled: true, provider: [{ name: 'Netris' }] },
+        { name: 'StaticNat', enabled: true, provider: [{ name: 'Netris' }] },
+        { name: 'SourceNat', enabled: true, provider: [{ name: 'Netris' }] },
+        { name: 'NetworkACL', enabled: true, provider: [{ name: 'Netris' }] },
+        { name: 'PortForwarding', enabled: true, provider: [{ name: 'Netris' }] },
+        { name: 'UserData', enabled: true, provider: [{ name: 'VpcVirtualRouter' }] }
+      ]
+    },
+    buildDefaultServices (networkServices) {
+      return [
+        { name: 'Dhcp', provider: [{ name: 'VpcVirtualRouter' }, { name: 'ConfigDrive' }] },
+        { name: 'Dns', provider: [{ name: 'VpcVirtualRouter' }, { name: 'ConfigDrive' }] },
+        { name: 'Lb', provider: [{ name: 'VpcVirtualRouter' }, { name: 'InternalLbVm' }] },
+        { name: 'Gateway', provider: [{ name: 'VpcVirtualRouter' }, { name: 'BigSwitchBcf' }] },
+        { name: 'StaticNat', provider: [{ name: 'VpcVirtualRouter' }, { name: 'BigSwitchBcf' }] },
+        { name: 'SourceNat', provider: [{ name: 'VpcVirtualRouter' }, { name: 'BigSwitchBcf' }] },
+        { name: 'NetworkACL', provider: [{ name: 'VpcVirtualRouter' }, { name: 'BigSwitchBcf' }] },
+        { name: 'PortForwarding', provider: [{ name: 'VpcVirtualRouter' }] },
+        { name: 'UserData', provider: [{ name: 'VpcVirtualRouter' }, { name: 'ConfigDrive' }] },
+        { name: 'Vpn', provider: [{ name: 'VpcVirtualRouter' }, { name: 'BigSwitchBcf' }] },
+        { name: 'Connectivity', provider: [{ name: 'BigSwitchBcf' }, { name: 'NiciraNvp' }, { name: 'Ovs' }, { name: 'JuniperContrailVpcRouter' }] }
+      ]
+    },
+    populateFormFromResource () {
+      if (!this.resource) return
+
+      const r = this.resource
+      this.form.name = r.name + ' - Clone'
+      this.form.displaytext = r.displaytext || r.name
+
+      if (r.internetprotocol) {
+        this.form.internetprotocol = r.internetprotocol.toLowerCase()
+        this.internetProtocolValue = r.internetprotocol.toLowerCase()
+      }
+
+      if (r.service && Array.isArray(r.service)) {
+        const networkAclService = r.service.find(svc => svc.name === 'NetworkACL')
+        if (networkAclService && networkAclService.provider && networkAclService.provider.length > 0) {
+          const providerName = networkAclService.provider[0].name
+          if (providerName === 'Nsx') {
+            this.provider = 'NSX'
+            this.form.provider = 'NSX'
+          } else if (providerName === 'Netris') {
+            this.provider = 'Netris'
+            this.form.provider = 'Netris'
+          }
+        }
+      }
+
+      if (r.networkmode) {
+        this.networkmode = r.networkmode
+        this.form.networkmode = r.networkmode
+      }
+
+      if (r.routingmode) {
+        this.routingMode = r.routingmode
+        this.form.routingmode = r.routingmode
+      }
+
+      if (r.serviceofferingid) {
+        this.form.serviceofferingid = r.serviceofferingid
+      }
+
+      if (r.service && Array.isArray(r.service)) {
+        const sourceServiceMap = {}
+        r.service.forEach(svc => {
+          if (svc.provider && svc.provider.length > 0) {
+            const providerName = svc.provider[0].name
+            sourceServiceMap[svc.name] = providerName
+          }
+        })
+
+        this.serviceProviderMap = sourceServiceMap
+
+        const updatedServices = this.supportedServices.map(svc => {
+          const serviceCopy = { ...svc, provider: [...svc.provider] }
+
+          if (sourceServiceMap[serviceCopy.name]) {
+            const providerName = sourceServiceMap[serviceCopy.name]
+            const providerIndex = serviceCopy.provider.findIndex(p => p.name === providerName)
+
+            if (providerIndex > 0) {
+              const targetProvider = serviceCopy.provider[providerIndex]
+              serviceCopy.provider.splice(providerIndex, 1)
+              serviceCopy.provider.unshift(targetProvider)
+            }
+
+            serviceCopy.defaultChecked = true
+            serviceCopy.selectedProvider = providerName
+            this.selectedServiceProviderMap[serviceCopy.name] = providerName
+          } else {
+            serviceCopy.defaultChecked = false
+            serviceCopy.selectedProvider = null
+          }
+          return serviceCopy
+        })
+
+        this.supportedServices = updatedServices
+
+        this.connectivityServiceChecked = Boolean(this.selectedServiceProviderMap.Connectivity)
+        this.sourceNatServiceChecked = Boolean(this.selectedServiceProviderMap.SourceNat)
+
+        this.$nextTick(() => {
+          this.servicesReady = true
+          this.$nextTick(() => {
+            this.checkVpcVirtualRouterForServices()
+          })
+        })
+      }
+
+      if (r.service && Array.isArray(r.service)) {
+        const connectivityService = r.service.find(svc => svc.name === 'Connectivity')
+        if (connectivityService && connectivityService.capability) {
+          const regionLevelCapability = connectivityService.capability.find(cap => cap.name === 'RegionLevelVpc')
+          if (regionLevelCapability) {
+            this.form.regionlevelvpc = regionLevelCapability.value === 'true'
+          }
+          const distributedRouterCapability = connectivityService.capability.find(cap => cap.name === 'DistributedRouter')
+          if (distributedRouterCapability) {
+            this.form.distributedrouter = distributedRouterCapability.value === 'true'
+          }
+        }
+
+        const sourceNatService = r.service.find(svc => svc.name === 'SourceNat')
+        if (sourceNatService && sourceNatService.capability) {
+          const redundantRouterCapability = sourceNatService.capability.find(cap => cap.name === 'RedundantRouter')
+          if (redundantRouterCapability) {
+            this.form.redundantrouter = redundantRouterCapability.value === 'true'
+          }
+        }
+
+        const gatewayService = r.service.find(svc => svc.name === 'Gateway')
+        if (gatewayService && gatewayService.capability) {
+          const redundantRouterCapability = gatewayService.capability.find(cap => cap.name === 'RedundantRouter')
+          if (redundantRouterCapability) {
+            this.form.redundantrouter = redundantRouterCapability.value === 'true'
+          }
+        }
+      }
+
+      if (this.provider === 'NSX') {
+        this.form.nsxsupportlb = Boolean(this.serviceProviderMap.Lb)
+      }
+    },
+    async handleProviderChange (value) {
+      this.provider = value
+      if (this.provider === 'NSX') {
+        this.form.nsxsupportlb = true
+        this.handleNsxLbService(true)
+      }
+      this.fetchSupportedServiceData()
+    },
+    handleNsxLbService (supportLb) {
+      if (!supportLb) {
+        this.supportedServices = this.supportedServices.filter(svc => svc.name !== 'Lb')
+        delete this.selectedServiceProviderMap.Lb
+      } else {
+        const lbExists = this.supportedServices.some(svc => svc.name === 'Lb')
+        if (!lbExists) {
+          this.supportedServices.push({
+            name: 'Lb',
+            description: 'Lb',
+            enabled: true,
+            provider: [{ name: 'Nsx' }]
+          })
+        }
+      }
+    },
+    handleSupportedServiceChange (service, checked, provider) {
+      if (checked) {
+        const correctProvider = this.serviceProviderMap[service]
+        if (correctProvider && provider !== correctProvider) {
+          this.selectedServiceProviderMap[service] = correctProvider
+        } else {
+          this.selectedServiceProviderMap[service] = provider
+        }
+      } else {
+        delete this.selectedServiceProviderMap[service]
+      }
+
+      if (service === 'Connectivity') {
+        this.connectivityServiceChecked = checked
+      }
+      if (service === 'SourceNat') {
+        this.sourceNatServiceChecked = checked
+      }
+
+      this.checkVpcVirtualRouterForServices()
+    },
+    checkVpcVirtualRouterForServices () {
+      this.isVpcVirtualRouterForAtLeastOneService = false
+      const providers = Object.values(this.selectedServiceProviderMap)
+      for (const provider of providers) {
+        if (provider === 'VpcVirtualRouter') {
+          this.isVpcVirtualRouterForAtLeastOneService = true
+          break
+        }
+      }
+      if (this.isVpcVirtualRouterForAtLeastOneService && this.serviceOfferings.length === 0) {
+        this.fetchServiceOfferingData()
+      }
+    },
+    handleForNetworkModeChange (networkMode) {
+      this.networkmode = networkMode
+      this.fetchSupportedServiceData()
+    },
+    fetchServiceOfferingData () {
+      const params = {}
+      params.issystem = true
+      params.systemvmtype = 'domainrouter'
+      this.serviceOfferingLoading = true
+      getAPI('listServiceOfferings', params).then(json => {
+        const listServiceOfferings = json.listserviceofferingsresponse.serviceoffering
+        this.serviceOfferings = this.serviceOfferings.concat(listServiceOfferings)
+      }).finally(() => {
+        this.serviceOfferingLoading = false
+      })
+    },
+    handleSubmit (e) {
+      if (e) {
+        e.preventDefault()
+      }
+      if (this.loading) return
+      this.formRef.value.validate().then(() => {
+        const formRaw = toRaw(this.form)
+        const values = this.handleRemoveFields(formRaw)
+        const params = {
+          sourceofferingid: this.resource.id,
+          name: values.name
+        }
+        if (values.displaytext) {
+          params.displaytext = values.displaytext
+        }
+
+        if (values.ispublic !== true) {
+          const domainIndexes = values.domainid
+          let domainId = null
+          if (domainIndexes && domainIndexes.length > 0) {
+            const domainIds = []
+            for (let i = 0; i < domainIndexes.length; i++) {
+              domainIds.push(this.domains[domainIndexes[i]].id)
+            }
+            domainId = domainIds.join(',')
+          }
+          if (domainId) {
+            params.domainid = domainId
+          }
+        }
+
+        const zoneIndexes = values.zoneid
+        let zoneId = null
+        if (zoneIndexes && zoneIndexes.length > 0) {
+          const zoneIds = []
+          for (let j = 0; j < zoneIndexes.length; j++) {
+            zoneIds.push(this.zones[zoneIndexes[j]].id)
+          }
+          zoneId = zoneIds.join(',')
+        }
+        if (zoneId) {
+          params.zoneid = zoneId
+        }
+
+        if (values.internetprotocol) {
+          params.internetprotocol = values.internetprotocol
+        }
+
+        const forNsx = values.provider === 'NSX'
+        if (forNsx) {
+          params.provider = 'NSX'
+          params.nsxsupportlb = values.nsxsupportlb
+        }
+        const forNetris = values.provider === 'Netris'
+        if (forNetris) {
+          params.provider = 'Netris'
+        }
+
+        if (values.networkmode) {
+          params.networkmode = values.networkmode
+        }
+
+        if (values.specifyasnumber !== undefined) {
+          params.specifyasnumber = values.specifyasnumber
+        }
+
+        if (values.routingmode) {
+          params.routingmode = values.routingmode
+        }
+
+        if (this.selectedServiceProviderMap != null) {
+          const supportedServices = Object.keys(this.selectedServiceProviderMap)
+          if (!forNsx && !forNetris) {
+            params.supportedservices = supportedServices.join(',')
+          }
+          for (const k in supportedServices) {
+            params['serviceProviderList[' + k + '].service'] = supportedServices[k]
+            params['serviceProviderList[' + k + '].provider'] = this.selectedServiceProviderMap[supportedServices[k]]
+          }
+          buildVpcServiceCapabilityParams(params, values, this.selectedServiceProviderMap, this.isVpcVirtualRouterForAtLeastOneService)
+        } else {
+          params.supportedservices = ''
+        }
+
+        if (values.enable !== undefined) {
+          params.enable = values.enable
+        }
+
+        this.loading = true
+        postAPI('cloneVPCOffering', params).then(json => {
+          this.$message.success(`${this.$t('message.success.clone.vpc.offering')} ${values.name}`)
+          this.$emit('refresh-data')
+          this.closeAction()
+        }).catch(error => {
+          this.$notifyError(error)
+        }).finally(() => {
+          this.loading = false
+        })
+      }).catch(error => {
+        this.formRef.value.scrollToField(error.errorFields[0].name)
+      })
+    },
+    closeAction () {
+      this.$emit('close-action')
+    }
+  }
+}
+</script>
+
+<style scoped lang="scss">
+  .form-layout {
+    width: 80vw;
+
+    @media (min-width: 800px) {
+      width: 500px;
+    }
+  }
+
+  .supported-services-container {
+    height: 250px;
+    overflow: auto;
+  }
+</style>