Pod container with wrong Network alias

[victortoso]

Issue Description

When creating a container under a pod, their name appear to be $podname-$ctrname but checking the Network alias, it shows $ctrlname && $podname.

This is a problem If we are running multiple pods under the same network with containers with the same name (as described in .yaml file) as a container from pod2 might try to talk with db from pod1 instead of the one in pod2

Steps to reproduce the issue

pod.yaml

apiVersion: v1
kind: Pod
metadata:
  labels:
    app: foo 
  name: foo
spec:
  containers:
  - name: banner
    image: quay.io/libpod/banner

1. podman kube apply pod.yaml

toso@tapioca ~/pods> podman pod inspect foo --format "{{ (index .Containers 1).Name }}"
foo-banner

toso@tapioca ~/pods> podman inspect foo-banner --format '{{ (index .NetworkSettings.Networks "podman-default-kube-network").Aliases }}'
[banner b72c83c8e2e0 foo]

Describe the results you received

Describe the results you received

The alias to the container is the name as described in .yaml file instead of what is described in the pod itself.

Describe the results you expected

Describe the results you expected

The alias should be the $podname-$containername

podman info output

If you are unable to run podman info for any reason, please provide the podman version, operating system and its version and the architecture you are running.

Fedora 41, latest.


host:
  arch: amd64
  buildahVersion: 1.39.2
  cgroupControllers:
  - cpu
  - io
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.13-1.fc41.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.13, commit: '
  cpuUtilization:
    idlePercent: 91.94
    systemPercent: 1.94
    userPercent: 6.12
  cpus: 8
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: workstation
    version: "41"
  eventLogger: journald
  freeLocks: 2025
  hostname: tapioca
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.13.8-200.fc41.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 2331717632
  memTotal: 33386307584
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.14.0-1.fc41.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.14.0
    package: netavark-1.14.0-1.fc41.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.14.0
  ociRuntime:
    name: crun
    package: crun-1.20-2.fc41.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.20
      commit: 9c9a76ac11994701dd666c4f0b869ceffb599a66
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20250320.g32f6212-2.fc41.x86_64
    version: ""
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 8589930496
  swapTotal: 8589930496
  uptime: 1h 56m 53.00s (Approximately 0.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
store:
  configFile: /home/toso/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/toso/.local/share/containers/storage
  graphRootAllocated: 254339448832
  graphRootUsed: 222085140480
  graphStatus:
    Backing Filesystem: btrfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 14
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/toso/.local/share/containers/storage/volumes
version:
  APIVersion: 5.4.1
  BuildOrigin: Fedora Project
  Built: 1741651200
  BuiltTime: Tue Mar 11 01:00:00 2025
  GitCommit: b79bc8afe796cba51dd906270a7e1056ccdfcf9e
  GoVersion: go1.23.7
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.1

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

Yes

Additional environment details

Additional environment details

None.

Additional information

Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting

[Luap99]

This is intentional to match k8s behavior so the containers can be resolved by only their name.
5a9074d #16544

As such this is not a bug and I don't think we should change the behavior now again because people might depend on it but I leave it open in case others have better idea how this could be addressed.

[victortoso]

This is intentional to match k8s behavior so the containers can be resolved by only their name.

Right. Would be possible to add $podname-$containername without removing the current behavior?
Let's say I have a reverse-proxy container that will need to talk with multiple Pods, that seems a reasonable approach?

Network is not my thing so I'm sorry if this sounds weird request.

[Luap99]

Would be possible to add $podname-$containername without removing the current behavior?

Yes we should be able to do that, in general the container names is resolved by default. However as pods are special and only have one network namespace that is setup up by the infra it defaults to the pod name. But I see no reason why we couldn't add aliases for all full names as well where we add the short alias version.

[victortoso]

But I see no reason why we couldn't add aliases for all full names as well where we add the short alias version.

Alright, thanks.

One think that I find interesting is that we can't create a container with the same name using podman command line, even if they are in different networks, see:

toso@tapioca ~/pods> podman network create foonet
foonet
toso@tapioca ~/pods> podman network create barnet
barnet
toso@tapioca ~/pods> podman pod create --network foonet --name foo
6853030e4b79631c76be29925fd895920f25aa063bfe902c15f6eb56ae05c68f
toso@tapioca ~/pods> podman pod create --network barnet --name bar
eae6e043f14db7d5aa76f4f1b7f08e5ee8784fb35c06a76488e72d58e4da802c
toso@tapioca ~/pods> podman run -dt --pod foo --name banner quay.io/libpod/banner
138fe220d37f0fa98fb97094d14217fdf630fcf390a9381e07ce3e48380453d7
toso@tapioca ~/pods> podman run -dt --pod bar --name banner quay.io/libpod/banner
Error: creating container storage: the container name "banner" is already in use by 138fe220d37f0fa98fb97094d14217fdf630fcf390a9381e07ce3e48380453d7. You have to remove that container to be able to reuse that name: that name is already in use, or use --replace to instruct Podman to do so.
toso@tapioca ~/pods [125]>

If we can over kube play, perhaps the above should be allowed too?

[baude]

I'm going to add the RFE label ...

[github-actions]

A friendly reminder that this issue had no activity for 30 days.