Hi all, We deploy our kratos instance with helm into our k8s cluster. We noticed that every time when we run a

helm upgrade

the users session got rejected and they need to reauthenticate themselves. Has anybody faced with this issue before? What should be checked in values.yaml regarding this?

What are you using for your data persistence? It sounds like you're still using the default

dsn:memory

which won't persist between restarts You'll need to be using a SQL database of some kind. - https://www.ory.sh/docs/self-hosted/deployment

Nope. We are using a mysql DB with these options:

dsn: mysql://${WRITE_DB_HOST}/kratos?max_conns=20&max_idle_conns=4&sql_mode=TRADITIONAL

Just to be sure, have you validated that it's actually using MySQL? (checked there is data within the tables). Also, I assume you're not using the default values for the number of pods too (which is 1)?

Yes it has many entries in the DB. We are using 1 pod as in the default values. But we tried to scale up to 2 and it does not helped. New helm upgrade/release basically, logs out every identities.

sounds a bit like it could be a disconnection problem, the old instance loses connection to the db before the new pods established it. Have you tried a 3 replica setup with a rolling release strategy?

Nope, but finally found the problem. We haven’t set up COOKIE_SECRET in the kratos config directly. I assume it regenerated for all the new releases and the previous cookies lost their functionality and the users had to login again to get a new cookie with the new secret. Thank you for your help.