diff --git a/cmd/omni-infra-provider-kubevirt/data/schema.json b/cmd/omni-infra-provider-kubevirt/data/schema.json
index b566b7e..5885f37 100644
--- a/cmd/omni-infra-provider-kubevirt/data/schema.json
+++ b/cmd/omni-infra-provider-kubevirt/data/schema.json
@@ -16,6 +16,10 @@
       "type": "integer",
       "minimum": 5,
       "description": "In GB"
+    },
+    "network_binding": {
+      "enum": ["bridge", "passt"],
+      "default": "bridge"
     }
   },
   "required": [
diff --git a/cmd/omni-infra-provider-kubevirt/main.go b/cmd/omni-infra-provider-kubevirt/main.go
index fe377b7..be2fb66 100644
--- a/cmd/omni-infra-provider-kubevirt/main.go
+++ b/cmd/omni-infra-provider-kubevirt/main.go
@@ -90,7 +90,7 @@ var rootCmd = &cobra.Command{
 			return fmt.Errorf("data-volume-mode flags should be one of %s", volumeOpts)
 		}
 
-		provisioner := provider.NewProvisioner(k8sClient, cfg.namespace, cfg.dataVolumeMode, cfg.networkBinding)
+		provisioner := provider.NewProvisioner(k8sClient, cfg.namespace, cfg.dataVolumeMode)
 
 		ip, err := infra.NewProvider(meta.ProviderID, provisioner, infra.ProviderConfig{
 			Name:        cfg.providerName,
@@ -126,7 +126,6 @@ var cfg struct {
 	kubeconfigFile      string
 	namespace           string
 	dataVolumeMode      string
-	networkBinding      string
 	insecureSkipVerify  bool
 }
 
@@ -153,6 +152,5 @@ func init() {
 	rootCmd.Flags().StringVar(&cfg.kubeconfigFile, "kubeconfig-file", "~/.kube/config", "Kubeconfig file to use to connect to the cluster where KubeVirt is running")
 	rootCmd.Flags().StringVar(&cfg.namespace, "namespace", "default", "Kubernetes namespace to use for the resources created by the provider")
 	rootCmd.Flags().StringVar(&cfg.dataVolumeMode, "data-volume-mode", "", "DataVolume PVC type to use (Block|Filesystem)")
-	rootCmd.Flags().StringVar(&cfg.networkBinding, "kubevirt-network-binding", "bridge", "Which network binding to use for VM primary interface (bridge|passt)")
 	rootCmd.Flags().BoolVar(&cfg.insecureSkipVerify, "insecure-skip-verify", false, "ignores untrusted certs on Omni side")
 }
diff --git a/internal/pkg/provider/data.go b/internal/pkg/provider/data.go
index a53f1da..b57437e 100644
--- a/internal/pkg/provider/data.go
+++ b/internal/pkg/provider/data.go
@@ -6,8 +6,9 @@ package provider
 
 // Data is the provider custom machine config.
 type Data struct {
-	Architecture string `yaml:"architecture"`
-	Cores        int    `yaml:"cores"`
-	DiskSize     int    `yaml:"disk_size"`
-	Memory       uint64 `yaml:"memory"`
+	Architecture   string `yaml:"architecture"`
+	Cores          int    `yaml:"cores"`
+	DiskSize       int    `yaml:"disk_size"`
+	Memory         uint64 `yaml:"memory"`
+	NetworkBinding string `yaml:"network_binding,omitempty"`
 }
diff --git a/internal/pkg/provider/provision.go b/internal/pkg/provider/provision.go
index 542bad6..25b51c0 100644
--- a/internal/pkg/provider/provision.go
+++ b/internal/pkg/provider/provision.go
@@ -33,28 +33,17 @@ import (
 
 // Provisioner implements Talos emulator infra provider.
 type Provisioner struct {
-	k8sClient        client.Client
-	namespace        string
-	volumeMode       v1.PersistentVolumeMode
-	networkInterface kvv1.Interface
+	k8sClient  client.Client
+	namespace  string
+	volumeMode v1.PersistentVolumeMode
 }
 
 // NewProvisioner creates a new provisioner.
-func NewProvisioner(k8sClient client.Client, namespace, volumeMode, networkBinding string) *Provisioner {
-	networkInterface := *kvv1.DefaultBridgeNetworkInterface()
-	if networkBinding == "passt" {
-		networkInterface = kvv1.Interface{
-			Name: networkInterface.Name,
-			Binding: &kvv1.PluginBinding{
-				Name: "passt",
-			},
-		}
-	}
+func NewProvisioner(k8sClient client.Client, namespace, volumeMode string) *Provisioner {
 	return &Provisioner{
-		k8sClient:        k8sClient,
-		namespace:        namespace,
-		volumeMode:       v1.PersistentVolumeMode(volumeMode),
-		networkInterface: networkInterface,
+		k8sClient:  k8sClient,
+		namespace:  namespace,
+		volumeMode: v1.PersistentVolumeMode(volumeMode),
 	}
 }
 
@@ -232,6 +221,16 @@ func (p *Provisioner) ProvisionSteps() []provision.Step[*resources.Machine] {
 				*kvv1.DefaultPodNetwork(),
 			}
 
+			networkInterface := *kvv1.DefaultBridgeNetworkInterface()
+			if data.NetworkBinding == "passt" {
+				networkInterface = kvv1.Interface{
+					Name: networkInterface.Name,
+					Binding: &kvv1.PluginBinding{
+						Name: "passt",
+					},
+				}
+			}
+
 			vm.Spec.Template.Spec.Domain.Devices = kvv1.Devices{
 				Disks: []kvv1.Disk{
 					{
@@ -245,7 +244,7 @@ func (p *Provisioner) ProvisionSteps() []provision.Step[*resources.Machine] {
 					},
 				},
 				Interfaces: []kvv1.Interface{
-					p.networkInterface,
+					networkInterface,
 				},
 			}