[bitnami/schema-registry] Integrated Schema Registry documentation with instructions for SSL setup (#54308)

* [bitnami/schema-registry] Integrated Schema Registry documentation with instructions for SSL setup

Signed-off-by: ETisREAL <etpelosato2010@hotmail.it>

* [bitnami/schema-registry] Fixing markdown linting warnings

Signed-off-by: ETisREAL <etpelosato2010@hotmail.it>

* [bitnami/schema-registry] Correcting blanks-around-fences linter warning

Signed-off-by: ETisREAL <etpelosato2010@hotmail.it>

* [bitnami/schema-registry] Correcting MD031 error for fencing

Signed-off-by: ETisREAL <etpelosato2010@hotmail.it>

* Update bitnami/schema-registry/README.md

Co-authored-by: Felipe V.C. Serafim <43246350+fevisera@users.noreply.github.com>
Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>

* Update bitnami/schema-registry/README.md

Co-authored-by: Felipe V.C. Serafim <43246350+fevisera@users.noreply.github.com>
Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>

* Update bitnami/schema-registry/README.md

Co-authored-by: Felipe V.C. Serafim <43246350+fevisera@users.noreply.github.com>
Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>

* Update README.md

Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>

* Removed multiple blank lines before the ##Contributing section

Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>

---------

Signed-off-by: ETisREAL <etpelosato2010@hotmail.it>
Signed-off-by: Ettore Pelosato <113307574+ETisREAL@users.noreply.github.com>
Co-authored-by: Felipe V.C. Serafim <43246350+fevisera@users.noreply.github.com>
ETisREAL and fevisera authored Jan 24, 2024
1 parent 96ffeac commit 85ae26f
Showing 1 changed file with 29 additions and 0 deletions.
29 changes: 29 additions & 0 deletions bitnami/schema-registry/README.md
Expand Up @@ -110,6 +110,35 @@ Please check the configuration settings for the Kakfa service in the [Kafka's RE

Please check the configuration settings for the Kakfa service in the [Zookeeper's README file](https://github.com/bitnami/containers/tree/main/bitnami/zookeeper#configuration).

### Security

The Schema Registry container can be setup to serve clients securely via TLS. To do so, specify the listener protocol as **https** in the `SCHEMA_REGISTRY_LISTENERS` environment variable (e.g. SCHEMA_REGISTRY_LISTENERS=`http://0.0.0.0:8081`,`https://0.0.0.0:8082`).

The keystore and trustore **must** be mounted in the `/opt/bitnami/schema-registry/certs` directory as `ssl.keystore.jks` and `ssl.truststore.jks` respectively. Currently, only JKS formats are supported. Note that the environment variables `SCHEMA_REGISTRY_SSL_KEYSTORE_LOCATION` or `SCHEMA_REGISTRY_SSL_TRUSTSTORE_LOCATION` **will not** override the expected location or file names. Please follow the instructions provided or you will get this error at startup: *ERROR ==> In order to configure HTTPS access, you must mount your ssl.keystore.jks (and optionally the ssl.truststore.jks) to the /opt/bitnami/schema-registry/certs directory*.

Here is a `docker-compose.yml` example that exposes a TLS listener on port `8082`:

``` yaml
schema-registry:
image: bitnami/schema-registry
ports:
- "8081:8081"
- "8082:8082"
depends_on:
- kafka
environment:
- SCHEMA_REGISTRY_KAFKA_BROKERS=PLAINTEXT://kafka:9092
- SCHEMA_REGISTRY_HOST_NAME=schema-registry
- SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081,https://0.0.0.0:8082
- SCHEMA_REGISTRY_SSL_KEYSTORE_PASSWORD=keystore
- SCHEMA_REGISTRY_SSL_TRUSTSTORE_PASSWORD=keystore
- SCHEMA_REGISTRY_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=none
- SCHEMA_REGISTRY_CLIENT_AUTHENTICATION=REQUESTED
volumes:
- ./keystore.jks:/opt/bitnami/schema-registry/certs/keystore.jks:ro
- ./truststore.jks:/opt/bitnami/schema-registry/certs/truststore.jks:ro
```

## Using `docker-compose.yaml`

Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated [Bitnami Helm chart](https://github.com/bitnami/charts/tree/main/bitnami/schema-registry).
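
Review bot: The two `volumes` entries in the compose example mount the stores as `certs/keystore.jks` and `certs/truststore.jks`, but the paragraph above them says the files must be named `ssl.keystore.jks` and `ssl.truststore.jks` and that the location variables will not override this, so the example as written would hit the startup error the text quotes. Suggest changing the mount targets to `/opt/bitnami/schema-registry/certs/ssl.keystore.jks` and `/opt/bitnami/schema-registry/certs/ssl.truststore.jks`. The example also sets `SCHEMA_REGISTRY_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM=none` and `SCHEMA_REGISTRY_CLIENT_AUTHENTICATION=REQUESTED` without explaining either, and keeps the plain `http://0.0.0.0:8081` listener published next to the TLS one; a sentence on what each setting does, plus a note that the `keystore` passwords are sample values, would keep readers from copying a weaker setup than they intend. Minor: "trustore" should be "truststore", and "setup" used as a verb should be "set up".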