Description
When migrating a stateful application (MongoDB) using crane transfer-pvc, directories on the source PVC owned by an application-specific uid (e.g. uid 999, the mongodb user) with 700 permissions are silently skipped by rsync. The destination pod starts with an empty database, with no clear indication to the user that data was not transferred.
Steps to reproduce
- Deploy MongoDB on source cluster via k8s-apps-deployer (or any deployment that runs MongoDB as uid 999)
- Insert test documents into the database
- Run crane transfer-pvc without any pre-steps
- Deploy MongoDB on dest cluster using the transferred PVC
- Query the database — collection is empty (count: 0)
Actual behavior
Status: Partially failed
Failed files:
- /mnt/mongo/data/.mongodb [Permission denied (13)]
- /mnt/mongo/data/_tmp [Permission denied (13)]
- /mnt/mongo/data/diagnostic.data [Permission denied (13)]
- /mnt/mongo/data/journal [Permission denied (13)]
Expected behavior
All files on the source PVC are transferred regardless of file ownership. The destination database contains all source data. This is how MTC/Velero handles the same scenario, velero runs with elevated privileges and reads all files regardless of ownership without any user intervention.
Root cause
The rsync-server and rsync-client pods spawned by crane transfer-pvc run as uid 1000. MongoDB writes its data directories (journal/, _tmp/, diagnostic.data/, .mongodb/) as uid 999 with 700 (owner-only) permissions. rsync running as uid 1000 cannot read these directories and skips them silently.
Workaround
# Run as root on source PVC before transfer-pvc
chmod -R 755 <source-pvc-mount>
Description
When migrating a stateful application (MongoDB) using crane transfer-pvc, directories on the source PVC owned by an application-specific uid (e.g. uid 999, the mongodb user) with 700 permissions are silently skipped by rsync. The destination pod starts with an empty database, with no clear indication to the user that data was not transferred.
Steps to reproduce
Actual behavior
Expected behavior
All files on the source PVC are transferred regardless of file ownership. The destination database contains all source data. This is how MTC/Velero handles the same scenario, velero runs with elevated privileges and reads all files regardless of ownership without any user intervention.
Root cause
The rsync-server and rsync-client pods spawned by crane transfer-pvc run as uid 1000. MongoDB writes its data directories (journal/, _tmp/, diagnostic.data/, .mongodb/) as uid 999 with 700 (owner-only) permissions. rsync running as uid 1000 cannot read these directories and skips them silently.
Workaround