worksmobile 연동 & ory stack 26.2.0으로 업그레이드

compose.ory.yaml

@@ -39,7 +39,7 @@ services:
             - KRATOS_SELFSERVICE_FLOWS_LOGOUT_AFTER_DEFAULT_BROWSER_RETURN_URL=${KRATOS_UI_URL:-http://localhost:5000}/login
         volumes:
             - ./docker/ory/kratos:/etc/config/kratos
-        command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
+        command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes
         depends_on:
             postgres_ory:
                 condition: service_healthy
@@ -134,6 +134,14 @@ services:
             - ory-net
 
     # --- Oathkeeper ---
+    oathkeeper_logs_init:
+        image: alpine:latest
+        command: ["sh", "-c", "mkdir -p /var/log/oathkeeper && chown -R ${OATHKEEPER_UID:-1001}:${OATHKEEPER_GID:-1001} /var/log/oathkeeper"]
+        volumes:
+            - oathkeeper_logs:/var/log/oathkeeper
+        networks:
+            - ory-net
+
     oathkeeper:
         image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v25.4.0}
         container_name: ory_oathkeeper
@@ -149,6 +157,9 @@ services:
             - ./docker/ory/oathkeeper:/etc/config/oathkeeper
             - oathkeeper_logs:/var/log/oathkeeper
         entrypoint: ["/etc/config/oathkeeper/entrypoint.sh"]
+        depends_on:
+            oathkeeper_logs_init:
+                condition: service_completed_successfully
         networks:
             - ory-net
             - public_net
@@ -168,6 +179,9 @@ services:
     ory_vector:
         image: timberio/vector:0.36.0-alpine
         container_name: ory_vector
+        environment:
+            - ORY_CLICKHOUSE_USER=${ORY_CLICKHOUSE_USER:-ory}
+            - ORY_CLICKHOUSE_PASSWORD=${ORY_CLICKHOUSE_PASSWORD:-orypass}
         volumes:
             - ./docker/ory/vector:/etc/vector
             - oathkeeper_logs:/var/log/oathkeeper
@@ -199,11 +213,21 @@ services:
 
     # 기본 RP (Admin Front 등) 자동 등록 컨테이너
     init-rp:
-        image: oryd/hydra:v25.4.0
-        entrypoint: ["/bin/sh"]
+        image: alpine:latest
+        env_file:
+            - .env
         command:
+            - /bin/sh
             - -ec
             - |
+              apk add --no-cache curl tar
+              HYDRA_CLI_VERSION="$${HYDRA_VERSION:-v26.2.0}"
+              HYDRA_CLI_VERSION="$${HYDRA_CLI_VERSION%-distroless}"
+              HYDRA_CLI_ARCHIVE_VERSION="$${HYDRA_CLI_VERSION#v}"
+              curl -fsSLo /tmp/hydra.tar.gz "https://github.com/ory/hydra/releases/download/$${HYDRA_CLI_VERSION}/hydra_$${HYDRA_CLI_ARCHIVE_VERSION}-linux_64bit.tar.gz"
+              tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
+              rm /tmp/hydra.tar.gz
+
               hydra delete oauth2-client --endpoint http://hydra:4445 adminfront >/dev/null 2>&1 || true
               hydra delete oauth2-client --endpoint http://hydra:4445 devfront >/dev/null 2>&1 || true
               hydra delete oauth2-client --endpoint http://hydra:4445 orgfront >/dev/null 2>&1 || true