/dev/shm volume is filling up

[miminar]

Describe the bug

/dev/shm in authentik-server pod is quickly filling up. k8s' default volume size limit is 64Mi which is completely filled up within 6 hours.

Once filled, the container starts to restart, which doesn't really help, because the /dev/shm volume remains filled.

Bumping the size of /dev/shm volume to 512Mi just delays the symptoms to 48 hours.

To Reproduce

Steps to reproduce the behavior:

1. deploy the helm chart on k8s with metrics enabled:

   authentik:
     server:
       metrics:
         enabled: true
         serviceMonitor:
           enabled: true

2. sync users with LDAP with large quantities of users (>10000) and groups

3. add a couple of applications+providers secured with the OAuth2/OpenID Provider for users to use

Expected behavior

/dev/shm does not ever run out of space

Screenshots
If applicable, add screenshots to help explain your problem.

Logs
Output of docker-compose logs or kubectl logs respectively

Version and Deployment (please complete the following information):

• authentik version: 2024.6.2
• using helm chart authentik-2024.6.2
• k8s version: v1.30.2+k0s

Additional context
Add any other context about the problem here.

The problematic files with unbounded growth are under /dev/shm/authentik_prometheus_tmp (showing the recent state shortly after a restart of the pod):

authentik@authentik-users-server-675b58969b-qjwcv:/$ du -ah /dev/shm/
0       /dev/shm/authentik-core.sock
4.0K    /dev/shm/authentik-gunicorn.3372311009.pid
1008K   /dev/shm/authentik_prometheus_tmp/gauge_all_1.db
8.8M    /dev/shm/authentik_prometheus_tmp/histogram_1.db
32K     /dev/shm/authentik_prometheus_tmp/counter_1.db
3.4M    /dev/shm/authentik_prometheus_tmp/gauge_all_2.db
29M     /dev/shm/authentik_prometheus_tmp/histogram_2.db
28K     /dev/shm/authentik_prometheus_tmp/counter_2.db
42M     /dev/shm/authentik_prometheus_tmp
0       /dev/shm/authentik_worker_tmp
4.0K    /dev/shm/authentik-mode
42M     /dev/shm/

Progress with 512Mi size limit:

This is how how we increased the size limit in helm values file:

authentik:
  server:
    volumes:
      - name: dev-shm
        emptyDir:
          medium: Memory
          sizeLimit: 512Mi
    volumeMounts:
      - name: dev-shm
        mountPath: /dev/shm

[authentik-automation]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[bestrocker221]

I am having the same problem with the outpost container, /dev/shm fills up and prevent authentik to work properly.
Folder is full of session files (small)

[ianbutler-ot]

I am seeing this issue with version 2025.8.1, and it is different than #12230. The files are mostly counter_*.db or histogram_*.db

After about two hours of running it looks something like this:

total 3396
-rw------- 1 authentik authentik      88 Sep 24 18:01 authentik-core-ipc.key
-rw------- 1 authentik authentik      88 Sep 24 18:01 authentik-core-metrics.key
srwxrwxrwx 1 authentik authentik       0 Sep 24 18:01 authentik-core.sock
-rw-r--r-- 1 authentik authentik       3 Sep 24 18:01 authentik-gunicorn.377312124.pid
-rw-r--r-- 1 authentik authentik       7 Sep 24 18:01 authentik-mode
-rw-r--r-- 1 authentik authentik       1 Sep 24 18:01 authentik-worker.pid
drwxr-xr-x 2 authentik authentik      40 Sep 24 19:16 authentik_gunicorn_tmp
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:51 counter_1.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_11.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:31 counter_2.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_23.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 19:01 counter_2325.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 19:16 counter_2843.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:40 counter_36.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_45.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_46.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_47.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_48.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 counter_7.db
drwxr-xr-x 2 authentik authentik      40 Sep 24 18:01 dramatiq-prometheus
-rw-r--r-- 1 authentik authentik   65536 Sep 24 19:16 gauge_all_1.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 gauge_all_2.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:40 gauge_livesum_36.db
-rw-r--r-- 1 authentik authentik  524288 Sep 24 19:38 histogram_1.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_11.db
-rw-r--r-- 1 authentik authentik  524288 Sep 24 19:38 histogram_2.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_23.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 19:01 histogram_2325.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 19:16 histogram_2843.db
-rw-r--r-- 1 authentik authentik 4194304 Sep 24 19:47 histogram_36.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_45.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_46.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_47.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_48.db
-rw-r--r-- 1 authentik authentik   65536 Sep 24 18:01 histogram_7.db

After a few days of uptime, it fills with hundreds of these files with a wide range of timestamps, e.g.

-rw-r--r-- 1 authentik authentik    65536 Sep 23 17:59 counter_1.db
-rw-r--r-- 1 authentik authentik    65536 Sep 19 18:20 counter_10.db
-rw-r--r-- 1 authentik authentik    65536 Sep 22 21:13 counter_101568.db

[BeryJu]

@ianbutler-ot see #16386, this has been fixed with 2025.8.2, we recommend upgrading to 2025.8.3

[bboyles303]

I've upgraded to 2025.8.3 and am experiencing the same issue on my proxy outpost with /dev/shm in the container filling to max every few days.

[BeryJu]

issues with the proxy outpost are not related to this, please open a new issue for that @bboyles303

[goldseal-ethan]

@BeryJu I'm not sure this really is fixed. We upgraded to 2025.8.3 and while the files have been reorganized, the SHM usage is still growing too quickly. Running for 48 hours already has us at 36MB out of the default SHM size of 64MB. We've raised our SHM size in Compose to 512MB to give us some wiggle room, but it will still eventually reach that size limit and crash. In the meantime we'll have to manually monitor the SHM usage and restart the Compose stack when it gets close to the limit.

[BeryJu]

@goldseal-ethan is this in the worker or the server container?

[tbe]

@BeryJu we just encountered this exact issue with the server container.

Metrics are NOT enabled in the helmchart. But we have a growing authentik_prometheus_tmp

[mtroshyn]

We are facing the same issue with fulfilling /dev/shm/authentik_prometheus_tmp folder in goauthentik server, that runs in docker container. When /dev/shm is full, gunicorn can't respawn process when it reaches max_requests this cause 502 errors when processing requests. Besides, the /-/health/live/ endpoint used for healthchecks, returns 200 HTTP response when the other endpoint returns 502 HTTP code. Increasing /dev/shm size or cleaning /dev/shm/authentik_prometheus_tmp looks like workaround. But to be honest, I am expecting have more intelligent solution.