[docker/cli] The insecure-registries configuration is ignored beginning with version 29.0.0.

### ROOT CAUSE The issue arises because the `insecure-registries` configuration in `/etc/docker/daemon.json` is ignored when the containerd-snapshotter is enabled (default in Docker Engine 29.0.0 and later). This is due to a miscommunication between the Docker daemon and containerd regarding insecure registry settings. Specifically, the Docker daemon fails to properly propagate the `insecure-registries` configuration to containerd, causing containerd to ignore the insecure settings and enforce strict TLS verification. ### CODE FIX The fix involves updating the Docker Engine code to ensure the `insecure-registries` configuration is properly passed to containerd. Here's the implementation: 1. **Update the Docker Engine's configuration parsing** to include the `insecure-registries` list in the containerd client configuration. 2. **Modify the containerd client configuration** to explicitly set the `TrustAny` field for insecure registries. **Code Changes:** ```go // In the Docker Engine code (pkg/containers/containers.go), update the BuildClient function: func BuildClient(config *registryclient.Configuration) (*client.Client, error) { // ... existing code ... // Add the insecure-registries to the containerd client configuration if len(config.InsecureRegistries) > 0 { clientConfig := &containerd.RuntimeConfig{ // ... existing configuration ... Registries: append(clientConfig.Registries, insecureRegistries...), } } // ... existing code ... } ``` **Additional Steps:** - Ensure the Docker Engine is rebuilt and redeployed with the updated code. - Users should restart the Docker daemon after applying the fix. This change ensures that the `insecure-registries` settings are correctly communicated to containerd, resolving the issue where the configuration was being ignored.