diff --git a/clusters/atlas/flux-system/applications/harbor/kustomization.yaml b/clusters/atlas/flux-system/applications/harbor/kustomization.yaml
new file mode 100644
index 0000000..62bcdd1
--- /dev/null
+++ b/clusters/atlas/flux-system/applications/harbor/kustomization.yaml
@@ -0,0 +1,18 @@
+# clusters/atlas/flux-system/applications/harbor/kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: harbor
+ namespace: flux-system
+spec:
+ interval: 10m
+ path: ./services/harbor
+ targetNamespace: harbor
+ prune: false
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ wait: true
+ dependsOn:
+ - name: core
diff --git a/infrastructure/sources/helm/harbor.yaml b/infrastructure/sources/helm/harbor.yaml
new file mode 100644
index 0000000..575136c
--- /dev/null
+++ b/infrastructure/sources/helm/harbor.yaml
@@ -0,0 +1,9 @@
+# infrastructure/sources/helm/harbor.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: harbor
+ namespace: flux-system
+spec:
+ interval: 10m
+ url: https://helm.goharbor.io
diff --git a/services/harbor/certificate.yaml b/services/harbor/certificate.yaml
new file mode 100644
index 0000000..ba879a4
--- /dev/null
+++ b/services/harbor/certificate.yaml
@@ -0,0 +1,12 @@
+# services/harbor/certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: registry-bstein-dev
+ namespace: harbor
+spec:
+ secretName: registry-bstein-dev-tls
+ dnsNames: [ "registry.bstein.dev" ]
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
diff --git a/services/harbor/helmrelease.yaml b/services/harbor/helmrelease.yaml
new file mode 100644
index 0000000..ed7c34e
--- /dev/null
+++ b/services/harbor/helmrelease.yaml
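Review bot: The Certificate in services/harbor/certificate.yaml writes to `secretName: registry-bstein-dev-tls`, and the ingress in services/harbor/helmrelease.yaml carries `cert-manager.io/cluster-issuer: letsencrypt` with the same TLS secret name. If the chart renders that secret name into the Ingress `tls` block, as `certSource: secret` suggests, cert-manager's ingress-shim will presumably create a second Certificate for the same Secret. Two Certificates sharing one `secretName` can cause repeated re-issuance against Let's Encrypt, or a refused issuance on newer cert-manager releases. Keep one owner of the Secret: either drop the ingress annotation and rely on this explicit Certificate, or drop this file and let the annotation drive issuance.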
@@ -0,0 +1,71 @@
+# services/harbor/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: harbor
+ namespace: harbor
+spec:
+ interval: 10m
+ chart:
+ spec:
+ chart: harbor
+ version: 1.18.1
+ sourceRef:
+ kind: HelmRepository
+ name: harbor
+ namespace: flux-system
+ values:
+ externalURL: https://registry.bstein.dev
+ expose:
+ type: ingress
+ tls:
+ enabled: true
+ certSource: secret
+ secret:
+ secretName: registry-bstein-dev-tls
+ ingress:
+ className: traefik
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ hosts:
+ core: registry.bstein.dev
+ persistence:
+ enabled: true
+ resourcePolicy: keep
+ persistentVolumeClaim:
+ registry:
+ existingClaim: harbor-registry
+ accessMode: ReadWriteOnce
+ size: 50Gi
+ jobservice:
+ jobLog:
+ existingClaim: harbor-jobservice-logs
+ accessMode: ReadWriteOnce
+ size: 5Gi
+ imageChartStorage:
+ type: filesystem
+ filesystem:
+ rootdirectory: /storage
+ database:
+ type: external
+ external:
+ host: postgres-service.postgres.svc.cluster.local
+ port: "5432"
+ username: harbor
+ coreDatabase: harbor
+ existingSecret: harbor-db
+ sslmode: disable
+ redis:
+ type: internal
+ trivy:
+ enabled: false
+ metrics:
+ enabled: false
+ cache:
+ enabled: false
+ existingSecretAdminPassword: harbor-core
+ existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
+ updateStrategy:
+ type: Recreate
diff --git a/services/harbor/kustomization.yaml b/services/harbor/kustomization.yaml
new file mode 100644
index 0000000..eb27a25
--- /dev/null
+++ b/services/harbor/kustomization.yaml
@@ -0,0 +1,9 @@
+# services/harbor/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: harbor
+resources:
+ - namespace.yaml
+ - pvc.yaml
+ - certificate.yaml
+ - helmrelease.yaml
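Review bot: The `values:` block in services/harbor/helmrelease.yaml takes the admin password from a Secret but sets neither `secretKey` nor `existingSecretSecretKey`. As far as I recall the chart's values, Harbor then encrypts stored registry credentials with the chart's published default key, so `existingSecretSecretKey` should point at a Secret provisioned the same way as `harbor-core`. Under `database.external`, `sslmode: disable` sends the Harbor database password and queries to the Postgres service in another namespace in cleartext. `sslmode: require`, or `verify-full` with a mounted CA, would close that if the Postgres server has TLS enabled. `trivy.enabled: false` leaves the registry without image vulnerability scanning, so a comment should say whether that is a deliberate resource trade-off.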
diff --git a/services/harbor/namespace.yaml b/services/harbor/namespace.yaml
new file mode 100644
index 0000000..47b7daf
--- /dev/null
+++ b/services/harbor/namespace.yaml
@@ -0,0 +1,5 @@
+# services/harbor/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: harbor
diff --git a/services/harbor/pvc.yaml b/services/harbor/pvc.yaml
new file mode 100644
index 0000000..e985416
--- /dev/null
+++ b/services/harbor/pvc.yaml
@@ -0,0 +1,24 @@
+# services/harbor/pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: harbor-registry
+ namespace: harbor
+spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 50Gi
+ storageClassName: asteria
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: harbor-jobservice-logs
+ namespace: harbor
+spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: asteria
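Review bot: The `harbor` Namespace in services/harbor/namespace.yaml is created without Pod Security Admission labels, so the registry pods run at whatever level the cluster defaults to, which this commit does not show. Consider adding `labels:` under `metadata` with `pod-security.kubernetes.io/warn: restricted` and, once the chart's pods are confirmed to pass, `pod-security.kubernetes.io/enforce: baseline`. The commit also adds no NetworkPolicy for the namespace, so unless one is applied elsewhere, any pod in the cluster can reach Harbor's internal services directly instead of going through the ingress.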