diff --git a/apps/harbor/Chart.yaml b/apps/harbor/Chart.yaml
new file mode 100644
index 0000000..8398b20
--- /dev/null
+++ b/apps/harbor/Chart.yaml
@@ -0,0 +1,7 @@
+apiVersion: v2
+name: harbor
+version: 0.1.0
+dependencies:
+  - name: harbor
+    version: 1.18.0
+    repository: https://helm.goharbor.io
diff --git a/apps/harbor/application.yaml b/apps/harbor/application.yaml
new file mode 100644
index 0000000..2a01c40
--- /dev/null
+++ b/apps/harbor/application.yaml
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: harbor
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://git.mvzijl.nl/marco/veda.git
+    targetRevision: applicationset-rewrite
+    path: apps/harbor
+    helm:
+      releaseName: harbor
+      valueFiles:
+        - values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: harbor
+  ignoreDifferences:
+    - group: gateway.networking.k8s.io
+      kind: HTTPRoute
+      jsonPointers:
+        - /spec/parentRefs/0/group
+        - /spec/parentRefs/0/kind
+        - /spec/rules/0/backendRefs/0/group
+        - /spec/rules/0/backendRefs/0/kind
+        - /spec/rules/0/backendRefs/0/weight
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true
diff --git a/apps/harbor/values.yaml b/apps/harbor/values.yaml
new file mode 100644
index 0000000..b6ec57f
--- /dev/null
+++ b/apps/harbor/values.yaml
@@ -0,0 +1,96 @@
+harbor:
+  expose:
+    type: route
+    tls:
+      enabled: false
+    route:
+      # Attach to your Traefik Gateway + HTTPS listener
+      parentRefs:
+        - name: traefik-gateway        # your Gateway name
+          namespace: traefik           # Gateway namespace
+          sectionName: websecure       # listener name on the Gateway
+      hosts:
+        - harbor.noxxos.nl             # external hostname for Harbor
+
+  # What Harbor advertises to clients (docker login/push)
+  externalURL: https://harbor.noxxos.nl
+
+  # Single-writer PVCs: roll pods with Recreate to avoid multi-writer needs
+  updateStrategy:
+    type: Recreate
+
+  # Persistence via PVCs
+  persistence:
+    enabled: true
+    imageChartStorage:
+      type: filesystem
+    persistentVolumeClaim:
+      registry:
+        storageClass: ceph-block
+        accessMode: ReadWriteOnce
+        size: 100Gi
+      database:
+        storageClass: ceph-block
+        accessMode: ReadWriteOnce
+        size: 10Gi
+      redis:
+        storageClass: ceph-block
+        accessMode: ReadWriteOnce
+        size: 2Gi
+      jobservice:
+        jobLog:
+          storageClass: ceph-block
+          accessMode: ReadWriteOnce
+          size: 2Gi
+      trivy:
+        storageClass: ceph-block
+        accessMode: ReadWriteOnce
+        size: 10Gi
+
+  # Keep replicas at 1 for components that write to RWO PVCs
+  core:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        memory: 512Mi
+  
+  registry:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        memory: 512Mi
+  
+  portal:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        memory: 256Mi
+  
+  jobservice:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        memory: 512Mi
+  
+  trivy:
+    replicas: 1
+    resources:
+      requests:
+        cpu: 200m
+        memory: 512Mi
+      limits:
+        memory: 1Gi
+
+  harborAdminPassword: "harboradmin"