diff --git a/openstack-tf/d4s-production/harbor/main.tf b/openstack-tf/d4s-production/harbor/main.tf
new file mode 100644
index 0000000..77d139e
--- /dev/null
+++ b/openstack-tf/d4s-production/harbor/main.tf
@@ -0,0 +1,165 @@
+# Define required providers
+terraform {
+  required_version = ">= 0.14.0"
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = ">= 1.54.0"
+    }
+  }
+}
+
+data "terraform_remote_state" "privnet_dns_router" {
+  backend = "local"
+
+  config = {
+    path = "../project-setup/terraform.tfstate"
+  }
+}
+
+data "terraform_remote_state" "infrastructure_setup" {
+  backend = "local"
+
+  config = {
+    path = "../basic-infrastructure/terraform.tfstate"
+  }
+}
+
+#
+# Uses common_variables as module
+#
+module "common_variables" {
+  source = "../../modules/common_variables"
+}
+
+# Module used
+module "ssh_settings" {
+  source = "../../modules/ssh-key-ref"
+}
+
+resource "openstack_networking_secgroup_v2" "harbor_access_list" {
+  name                 = "harbor_access_list"
+  delete_default_rules = "true"
+  description          = "Allowed connections to the harbor server"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "access_to_the_harbor_server" {
+  for_each          = toset([var.harbor_allowed_sources.infrascience_net, var.harbor_allowed_sources.openstack_production])
+  security_group_id = openstack_networking_secgroup_v2.harbor_access_list.id
+  description       = "Access to the Harbor Server"
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = 8080
+  port_range_max    = 8080
+  remote_ip_prefix  = each.value
+}
+
+# Block device
+resource "openstack_blockstorage_volume_v3" "harbor_data_vol" {
+  name = var.harbor_data.vol_data_name
+  size = var.harbor_data.vol_data_size
+}
+
+resource "openstack_blockstorage_volume_v3" "harbor_docker_vol" {
+  name = var.harbor_data.vol_docker_name
+  size = var.harbor_data.vol_docker_size
+}
+
+
+#
+# Ports in the timescaleDB network
+resource "openstack_networking_port_v2" "harbor_port_on_main_net" {
+  name           = "harbor_port_on_main_net"
+  network_id     = data.terraform_remote_state.privnet_dns_router.outputs.main_private_network_id
+  admin_state_up = "true"
+  fixed_ip {
+    subnet_id = data.terraform_remote_state.privnet_dns_router.outputs.main_subnet_network_id
+  }
+  security_group_ids = [
+    openstack_networking_secgroup_v2.harbor_access_list.id,
+    data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.id
+  ]
+}
+
+# Instance
+resource "openstack_compute_instance_v2" "harbor_server" {
+  name                    = var.harbor_data.name
+  availability_zone_hints = module.common_variables.availability_zone_no_gpu_name
+  flavor_name             = var.harbor_data.flavor
+  key_pair                = module.ssh_settings.ssh_key_name
+  security_groups         = [data.terraform_remote_state.infrastructure_setup.outputs.default_security_group.name, data.terraform_remote_state.infrastructure_setup.outputs.access_postgresql_security_group.name, openstack_networking_secgroup_v2.harbor_access_list.name]
+  block_device {
+    uuid                  = module.common_variables.ubuntu_2204.uuid
+    source_type           = "image"
+    volume_size           = 10
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = false
+  }
+
+  network {
+    name        = module.common_variables.networks_with_d4s_services.infrascience_net
+    fixed_ip_v4 = var.harbor_data.server_ip
+  }
+  user_data = file("${module.common_variables.ubuntu2204_data_file}")
+  # Do not replace the instance when the ssh key changes
+  lifecycle {
+    ignore_changes = [
+      # Ignore changes to tags, e.g. because a management agent
+      # updates these based on some ruleset managed elsewhere.
+      key_pair, user_data, network
+    ]
+  }
+}
+
+resource "openstack_compute_volume_attach_v2" "harbor_data_attach_vol" {
+  instance_id = openstack_compute_instance_v2.harbor_server.id
+  volume_id   = openstack_blockstorage_volume_v3.harbor_data_vol.id
+  device      = var.harbor_data.vol_data_device
+  depends_on  = [openstack_compute_instance_v2.harbor_server]
+}
+
+resource "openstack_compute_volume_attach_v2" "harbor_docker_attach_vol" {
+  instance_id = openstack_compute_instance_v2.harbor_server.id
+  volume_id   = openstack_blockstorage_volume_v3.harbor_docker_vol.id
+  device      = var.harbor_data.vol_docker_device
+  depends_on  = [openstack_compute_instance_v2.harbor_server]
+}
+
+resource "openstack_compute_interface_attach_v2" "main_network_to_harbor" {
+  instance_id = openstack_compute_instance_v2.harbor_server.id
+  port_id     = openstack_networking_port_v2.harbor_port_on_main_net.id
+}
+# Floating IP and DNS record
+resource "openstack_networking_floatingip_v2" "harbor_ip" {
+  pool = data.terraform_remote_state.privnet_dns_router.outputs.floating_ip_pools.main_public_ip_pool
+  # The DNS association does not work because of a bug in the OpenStack API
+  description = "Harbor ip"
+}
+
+resource "openstack_networking_floatingip_associate_v2" "harbor_floatingip_associate" {
+  floating_ip = openstack_networking_floatingip_v2.harbor_ip.address
+  port_id     = openstack_networking_port_v2.harbor_port_on_main_net.id
+}
+
+locals {
+  harbor_recordset_name = "harbor.${data.terraform_remote_state.privnet_dns_router.outputs.dns_zone.zone_name}"
+}
+
+resource "openstack_dns_recordset_v2" "harbor_recordset" {
+  zone_id     = data.terraform_remote_state.privnet_dns_router.outputs.dns_zone_id
+  name        = local.harbor_recordset_name
+  description = "Public IP address of the Harbor Server"
+  ttl         = 8600
+  type        = "A"
+  records     = [openstack_networking_floatingip_v2.harbor_ip.address]
+}
+
+output "harbor_public_ip_address" {
+  value = openstack_networking_floatingip_v2.harbor_ip.address
+}
+
+output "harbor_hostname" {
+  value = openstack_dns_recordset_v2.harbor_recordset.name
+}
diff --git a/openstack-tf/d4s-production/harbor/provider.tf b/openstack-tf/d4s-production/harbor/provider.tf
new file mode 100644
index 0000000..ca8de74
--- /dev/null
+++ b/openstack-tf/d4s-production/harbor/provider.tf
@@ -0,0 +1,3 @@
+provider "openstack" {
+  cloud = "d4s-production"
+}
diff --git a/openstack-tf/d4s-production/harbor/variables.tf b/openstack-tf/d4s-production/harbor/variables.tf
new file mode 100644
index 0000000..174516d
--- /dev/null
+++ b/openstack-tf/d4s-production/harbor/variables.tf
@@ -0,0 +1,25 @@
+#Harbor  variables
+
+variable "harbor_data" {
+  type = map(string)
+  default = {
+    name            = "harbor-server"
+    flavor          = "m1.xxl"
+    vol_data_name   = "harbor-data"
+    vol_data_size   = "10"
+    vol_data_device = "/dev/vdb"
+    vol_docker_name   = "harbor-docker"
+    vol_docker_size   = "500"
+    vol_docker_device = "/dev/vdc"
+    server_ip       = "146.48.122.5"
+  }
+}
+
+variable "harbor_allowed_sources" {
+  type = map(string)
+  default = {
+    "infrascience_net"     = "146.48.122.0/23"
+    "openstack_production" = "146.48.31.57/32"
+  }
+}
+