I’m trying to setup and insecure containerd client to pull images from an insecure private registry using the following code:

package main
 
import (
    "context"
    "crypto/tls"
    "fmt"
    "os"
 
    "github.com/awslabs/soci-snapshotter/fs/source"
    "github.com/containerd/containerd"
    "github.com/containerd/containerd/pkg/snapshotters"
    "github.com/containerd/containerd/remotes/docker"
    "github.com/containerd/containerd/remotes/docker/config"
)
 
func main() {
    var address = "/run/containerd/containerd.sock"
    var ref = "localhost:5000/python:3.9"
    var sociIndexDigest = "sha256:7b09431ef0749bee7491ba28d1adbe6e6e9e008e9be65fe35eed0aca31a01c91"
 
    client, err := containerd.New(address, containerd.WithDefaultNamespace("default"))
    if err != nil {
        fmt.Println(err.Error())
        os.Exit(1)
    }
    defer client.Close()
 
    options := docker.ResolverOptions{
        Hosts: config.ConfigureHosts(context.TODO(), config.HostOptions{
            DefaultScheme: "http",
            DefaultTLS: &tls.Config{
                InsecureSkipVerify: true,
            },
        }),
    }
 
    _, err = client.Pull(context.TODO(), ref,
        containerd.WithResolver(docker.NewResolver(options)),
        containerd.WithPullSnapshotter("soci"),
        containerd.WithPullUnpack,
        containerd.WithImageHandlerWrapper(source.AppendDefaultLabelsHandlerWrapper(sociIndexDigest, snapshotters.AppendInfoHandlerWrapper(ref))))
    if err != nil {
        fmt.Println(err.Error())
        os.Exit(1)
    }
    fmt.Println("Success")
}

Unfortunately, I keep getting few errors (from logs cropped):

{"error":"skipping mounting layer sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9 as FUSE mount: no ztoc for layer","key":"default/33/extract-128831236-kfhG sha256:781d5934416a582cf712c35212a8f92940c0223da02c1360d9ebb834d0f2c873","level":"warning","msg":"failed to prepare remote snapshot","parent":"sha256:9bb22d850b6e163c76b5cee00494067210e96c4cf585e2cd9d68898e31f43f69","remote-snapshot-prepared":"false","time":"2024-06-13T14:49:30.132049905Z"}
...
...
{"error":"cannot unpack the layer: cannot fetch layer: unable to fetch descriptor (sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9) from remote store: Get "https://localhost:5000/v2/python/blobs/sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9": context canceled","key":"default/33/extract-128831236-kfhG sha256:781d5934416a582cf712c35212a8f92940c0223da02c1360d9ebb834d0f2c873","level":"warning","msg":"failed to prepare snapshot; deferring to container runtime","parent":"sha256:9bb22d850b6e163c76b5cee00494067210e96c4cf585e2cd9d68898e31f43f69","time":"2024-06-13T14:49:30.363771421Z"}
...
...
{"error":"cannot unpack the layer: cannot fetch layer: unable to fetch descriptor (sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9) from remote store: Get "https://localhost:5000/v2/python/blobs/sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9": unknown "unknown": giving up request after 9 attempt(s): Get "https://localhost:5000/v2/python/blobs/sha256:a99509a323905a80628005e4f3bc26ac15ebaf3ffdb08a9646a7f2d110ab38f9": http: server gave HTTP response to HTTPS client","key":"default/34/extract-776892714-Ki3b sha256:781d5934416a582cf712c35212a8f92940c0223da02c1360d9ebb834d0f2c873","level":"warning","msg":"failed to prepare snapshot; deferring to container runtime","parent":"sha256:9bb22d850b6e163c76b5cee00494067210e96c4cf585e2cd9d68898e31f43f69","time":"2024-06-13T14:49:44.089475833Z"}

I’ve configured my /etc/containerd/config.toml with the necessary parameters. Is anything I’m missing or doing incorrectly?