Expected behavior and actual behavior
Expected behavior
Harbor should successfully validate https://registry.istio.io as a generic Docker Registry endpoint when no credentials are configured.
The registry hosts publicly accessible images. For example, the following anonymous pull succeeds:
docker pull registry.istio.io/release/proxyv2:1.26.4
Consequently, Harbor should:
- consider the endpoint healthy;
- allow it to be registered as a remote registry;
- allow the endpoint to be used by a proxy cache project.
Actual behavior
Harbor rejects the registry endpoint as unhealthy:
{"errors":[{"code":"BAD_REQUEST","message":"the registry is unhealthy"}]}
The Harbor core logs contain:
[/pkg/reg/adapter/native/adapter.go:126]: failed to ping registry https://registry.istio.io: http status code: 400, body: {"error":"scope is required"}
Steps to reproduce the problem
Prerequisites
- A Harbor instance with administrator access
- Outbound HTTPS access from harbor-core to registry.istio.io
- No credentials configured for the remote registry
- Docker, Podman, crane, or another OCI client
Verify that the image is publicly pullable
docker logout registry.istio.io 2>/dev/null || true
docker pull registry.istio.io/release/proxyv2:1.26.4
Expected result:
1.26.4: Pulling from release/proxyv2
...
Status: Downloaded newer image for registry.istio.io/release/proxyv2:1.26.4
Reproduce the failure through the Harbor UI
In the Harbor administration interface:
- Open Administration → Registries.
- Select New Endpoint.
- Select Docker Registry as the provider.
- Enter a name such as istio.
- Enter: https://registry.istio.io
- Leave Access ID and Access Secret empty.
- Click Test Connection or save the endpoint.
Observed result:
The registry is unhealthy
Versions:
- harbor version: 2.14.3
- docker engine version: 28.5.1
Expected behavior and actual behavior
Expected behavior
Harbor should successfully validate https://registry.istio.io as a generic Docker Registry endpoint when no credentials are configured.
The registry hosts publicly accessible images. For example, the following anonymous pull succeeds:
docker pull registry.istio.io/release/proxyv2:1.26.4
Consequently, Harbor should:
Actual behavior
Harbor rejects the registry endpoint as unhealthy:
The Harbor core logs contain:
Steps to reproduce the problem
Prerequisites
Verify that the image is publicly pullable
Expected result:
Reproduce the failure through the Harbor UI
In the Harbor administration interface:
Observed result:
The registry is unhealthy
Versions: