REST server is leaking monitoring data
It's really cool that you started using Spring Boot Actuator to monitor your data (it wasn't the case a couple of days ago!), but as you don't use Spring Security, this means the monitoring endpoints are available to the outside world.
In your configuration file https://gitlab.inria.fr/stopcovid19/robert-server/-/blob/develop/robert-server-ws-rest/src/main/resources/application.properties#L42 we see that by default you expose the "health" and "metrics" endpoints. The first one isn't probably very dangerous, but I wouldn't expose the second one, you can have lots of things being exposed through it.
You should either add Spring Security, or block this endpoint (just block "/actuator/*") on your gateway/reverse proxy. Or do both, just in case :-)