kratos SSOT 재설계

config-restored/compose/compose.ory.yaml

@@ -236,21 +236,12 @@ services:
 
     # 기본 RP (Admin Front 등) 자동 등록 컨테이너
     init-rp:
-        image: alpine:latest
+        image: oryd/hydra:${HYDRA_CLI_VERSION:-v26.2.0}
         env_file:
             - .env
+        entrypoint: ["/bin/sh", "-ec"]
         command:
-            - /bin/sh
-            - -ec
             - |
-                apk add --no-cache curl tar
-                HYDRA_CLI_VERSION="$${HYDRA_VERSION:-v26.2.0}"
-                HYDRA_CLI_VERSION="$${HYDRA_CLI_VERSION%-distroless}"
-                HYDRA_CLI_ARCHIVE_VERSION="$${HYDRA_CLI_VERSION#v}"
-                curl -fsSLo /tmp/hydra.tar.gz "https://github.com/ory/hydra/releases/download/$${HYDRA_CLI_VERSION}/hydra_$${HYDRA_CLI_ARCHIVE_VERSION}-linux_64bit.tar.gz"
-                tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin hydra
-                rm /tmp/hydra.tar.gz
-
                 hydra delete oauth2-client --endpoint "$${HYDRA_ADMIN_URL}" adminfront >/dev/null 2>&1 || true
                 hydra delete oauth2-client --endpoint "$${HYDRA_ADMIN_URL}" devfront >/dev/null 2>&1 || true
                 hydra delete oauth2-client --endpoint "$${HYDRA_ADMIN_URL}" orgfront >/dev/null 2>&1 || true
@@ -270,21 +261,21 @@ services:
                   --endpoint "$${HYDRA_ADMIN_URL}" \
                   --id devfront \
                   --name "DevFront" \
-                --grant-type authorization_code,refresh_token \
-                --response-type code \
-                --scope openid,offline_access,profile,email \
-                --token-endpoint-auth-method none \
-                --redirect-uri ${DEVFRONT_CALLBACK_URLS}
+                  --grant-type authorization_code,refresh_token \
+                  --response-type code \
+                  --scope openid,offline_access,profile,email \
+                  --token-endpoint-auth-method none \
+                  --redirect-uri ${DEVFRONT_CALLBACK_URLS}
 
                 hydra create oauth2-client \
                   --endpoint "$${HYDRA_ADMIN_URL}" \
                   --id orgfront \
                   --name "OrgFront" \
-                --grant-type authorization_code,refresh_token \
-                --response-type code \
-                --scope openid,offline_access,profile,email \
-                --token-endpoint-auth-method none \
-                --redirect-uri ${ORGFRONT_CALLBACK_URLS}
+                  --grant-type authorization_code,refresh_token \
+                  --response-type code \
+                  --scope openid,offline_access,profile,email \
+                  --token-endpoint-auth-method none \
+                  --redirect-uri ${ORGFRONT_CALLBACK_URLS}
 
                 hydra create oauth2-client \
                   --endpoint "$${HYDRA_ADMIN_URL}" \

config-restored/compose/docker-compose.yaml

@@ -55,6 +55,10 @@ services:
         build:
             context: .
             dockerfile: ./adminfront/Dockerfile
+            args:
+                VITE_ADMIN_PUBLIC_URL: ${ADMINFRONT_URL}
+                VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY}
+                VITE_OIDC_CLIENT_ID: adminfront
         container_name: baron_adminfront
         env_file:
             - .env
@@ -80,6 +84,10 @@ services:
         build:
             context: .
             dockerfile: ./devfront/Dockerfile
+            args:
+                VITE_DEVFRONT_PUBLIC_URL: ${DEVFRONT_URL}
+                VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY}
+                VITE_OIDC_CLIENT_ID: devfront
         container_name: baron_devfront
         env_file:
             - .env
@@ -105,6 +113,10 @@ services:
         build:
             context: .
             dockerfile: ./orgfront/Dockerfile
+            args:
+                VITE_ORGFRONT_PUBLIC_URL: ${ORGFRONT_URL}
+                VITE_OIDC_AUTHORITY: ${VITE_OIDC_AUTHORITY}
+                VITE_OIDC_CLIENT_ID: orgfront
         container_name: baron_orgfront
         env_file:
             - .env
@@ -172,6 +184,33 @@ services:
         networks:
             - baron_net
 
+    promtail:
+        image: grafana/promtail:2.9.0
+        container_name: baron_promtail
+        restart: unless-stopped
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock:ro
+            - /var/lib/docker/containers:/var/lib/docker/containers:ro
+            - ./docker/promtail-config.template.yaml:/etc/promtail/promtail-config.yaml:ro
+        command: -config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true
+        environment:
+            - LOKI_URL=${LOKI_URL:-http://loki:3100/loki/api/v1/push}
+            - APP_ENV=${APP_ENV:-development}
+        networks:
+            - baron_net
+
+    blackbox-exporter:
+        image: prom/blackbox-exporter:v0.25.0
+        container_name: baron_blackbox_exporter
+        restart: unless-stopped
+        ports:
+            - "9115:9115"
+        volumes:
+            - ./docker/monitor/blackbox.yml:/etc/blackbox_exporter/config.yml:ro
+        networks:
+            - baron_net
+            - ory-net
+
 networks:
     baron_net:
         external: true