Erich Blume 5c5fd18cac Add Authentik OIDC integration for Mealie

Configure Mealie as a public PKCE client in Authentik. Mealie's OIDC
flow runs client-side (Vue.js SPA) so it uses PKCE instead of a
client_secret. No 1Password secret or ExternalSecret needed.

- Add mealie.yaml blueprint to Authentik configmap (public client, admins group)
- Add OIDC env vars to Mealie deployment
- Update service docs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-16 21:15:21 -07:00

1.6 KiB

Raw Blame History

title

modified

Mealie

Self-hosted recipe manager with a REST API. Part of the meal planning pipeline: Mealie stores categorized recipes, a planner script selects balanced meals, and ollama generates a unified cooking timeline.

Quick Reference

Property	Value
URL	https://meals.ops.eblu.me
Tailscale URL	https://meals.tail8d86e.ts.net
Namespace	`mealie`
Image	`registry.ops.eblu.me/blumeops/mealie` (built from source)
Database	SQLite (local, at `/app/data/`)
API Docs	https://meals.ops.eblu.me/docs
Upstream	https://github.com/mealie-recipes/mealie
Manifests	`argocd/manifests/mealie/`

Features

Full REST API (FastAPI) for recipe CRUD, filtering by tag/category
Structured recipe data: ingredients (quantity/unit/food), step-by-step instructions
Built-in meal planning and shopping lists
Recipe import from URLs
API token auth for automation
OIDC login via authentik (public client with PKCE)

Storage

2Gi PVC at /app/data/ via local-path storageClassName
SQLite database (sufficient for single-user, no network storage concerns on minikube)
Recipe images and assets stored alongside the database

Networking

Endpoint	Reachable from
`https://meals.ops.eblu.me`	Tailnet clients (via Caddy)
`https://meals.tail8d86e.ts.net`	Tailnet clients
`http://mealie.mealie.svc.cluster.local:9000`	In-cluster

ollama — LLM backend for meal timeline generation
borgmatic — Data backup

1.6 KiB Raw Blame History