feat(sandbox-gateway): support parse sandboxID from domain related he… (#234)

* feat(sandbox-gateway): support parse sandboxID from domain related header

Signed-off-by: xianying.czy <xianying.czy@alibaba-inc.com>

Author: chengzhycn

.github/workflows/e2e-e2b-2.4.1.yaml

@@ -101,6 +101,5 @@ jobs:
           export KUBECONFIG=/home/runner/.kube/config
           export E2B_DOMAIN=localhost
           export E2B_API_KEY=some-api-key
-          sudo -E kubectl port-forward services/sandbox-manager 80:7788 -n sandbox-system &
           bash hack/run-e2b-e2e-test.sh --e2b-version 2.8.1 --sdk-version 2.4.1
 

.github/workflows/e2e-e2b-latest.yaml

@@ -102,6 +102,5 @@ jobs:
           export KUBECONFIG=/home/runner/.kube/config
           export E2B_DOMAIN=localhost
           export E2B_API_KEY=some-api-key
-          sudo -E kubectl port-forward services/sandbox-manager 80:7788 -n sandbox-system &
           bash hack/run-e2b-e2e-test.sh
 

config/sandbox-gateway/configmap.yaml

@@ -26,6 +26,12 @@ data:
                   typed_config:
                     "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                     stat_prefix: ingress_http
+                    access_log:
+                      - name: envoy.access_loggers.stdout
+                        typed_config:
+                          "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
+                          log_format:
+                            text_format: "[%START_TIME%] %REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL% %RESPONSE_CODE% %BYTES_SENT% %DURATION%ms req_id=%REQ(X-REQUEST-ID)%\n"
                     route_config:
                       name: local_route
                       virtual_hosts:
@@ -45,6 +51,11 @@ data:
                           plugin_name: sandbox-gateway
                           plugin_config:
                             "@type": type.googleapis.com/xds.type.v3.TypedStruct
+                            value:
+                              host-header-name: "Host"
+                              sandbox-header-name: "e2b-sandbox-id"
+                              sandbox-port-header: "e2b-sandbox-port"
+                              default-port: "49983"
                       - name: envoy.filters.http.router
                         typed_config:
                           "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

config/sandbox-gateway/deployment.yaml

@@ -4,13 +4,15 @@ metadata:
   name: sandbox-gateway
   namespace: sandbox-system
   labels:
+    component: sandbox-manager
     app.kubernetes.io/name: sandbox-gateway
     app.kubernetes.io/managed-by: kustomize
 spec:
-  replicas: 2
+  replicas: 1
   selector:
     matchLabels:
       app.kubernetes.io/name: sandbox-gateway
+      component: sandbox-manager
   strategy:
     type: RollingUpdate
     rollingUpdate:
@@ -20,6 +22,7 @@ spec:
     metadata:
       labels:
         app.kubernetes.io/name: sandbox-gateway
+        component: sandbox-manager
     spec:
       serviceAccountName: sandbox-gateway
       initContainers:
@@ -68,6 +71,10 @@ spec:
           env:
             - name: GOMAXPROCS
               value: "2"
+            - name: PEER_NAMESPACE
+              value: "sandbox-system"
+            - name: PEER_LABEL_SELECTOR
+              value: "component=sandbox-manager"
           ports:
             - name: http
               containerPort: 10000
@@ -110,4 +117,5 @@ spec:
                 labelSelector:
                   matchLabels:
                     app.kubernetes.io/name: sandbox-gateway
+                    app.kubernetes.io/instance: sandbox-manager
                 topologyKey: kubernetes.io/hostname

config/sandbox-gateway/rbac.yaml

@@ -12,6 +12,9 @@ rules:
   - apiGroups: ["agents.kruise.io"]
     resources: ["sandboxes/status"]
     verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

config/sandbox-gateway/service.yaml

@@ -9,7 +9,7 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - port: 10000
+    - port: 7788
       targetPort: 10000
       protocol: TCP
       name: http

hack/run-e2b-e2e-test.sh

@@ -64,6 +64,8 @@ kubectl wait --for=condition=ready pod \
 
 echo "All sandbox-manager pods are ready"
 
+sudo -E kubectl port-forward svc/sandbox-manager 80:7788 -n sandbox-system &
+
 # Step 2: Install e2b-code-interpreter
 echo "Installing dependencies..."
 pip install -r $TEST_DIR/requirements.txt

pkg/sandbox-gateway/filter/config.go

@@ -1,18 +1,145 @@
 package filter
 
 import (
+	"encoding/json"
+	"fmt"
+	"regexp"
+
+	v3 "github.com/cncf/xds/go/xds/type/v3"
 	"github.com/envoyproxy/envoy/contrib/golang/common/go/api"
 	"google.golang.org/protobuf/types/known/anypb"
 )
 
-type config struct{}
+// hostPattern matches the host format: {port}-{namespace}--{name}.{domain}
+// Group 1: port (digits), Group 2: namespace--name (alphanumeric and hyphens)
+var hostPattern = regexp.MustCompile(`^(\d+)-([a-zA-Z0-9\-]+)\.`)
+
+const (
+	DefaultHostHeaderName    = "Host"
+	DefaultSandboxHeaderName = "e2b-sandbox-id"
+	DefaultSandboxPortHeader = "e2b-sandbox-port"
+	DefaultSandboxPort       = "49983"
+)
+
+// Config holds the filter configuration
+type Config struct {
+	// SandboxHeaderName is the header name for sandbox ID (checked first)
+	SandboxHeaderName string `json:"sandbox-header-name,omitempty"`
+	// SandboxPortHeader is the header name for sandbox port
+	SandboxPortHeader string `json:"sandbox-port-header,omitempty"`
+	// HostHeaderName is the header name for host matching (fallback when sandbox header not found)
+	HostHeaderName string `json:"host-header-name,omitempty"`
+	// DefaultPort is the default port if not specified
+	DefaultPort string `json:"default-port,omitempty"`
+}
+
+// DefaultConfig returns default configuration
+func DefaultConfig() *Config {
+	return &Config{
+		SandboxHeaderName: DefaultSandboxHeaderName,
+		SandboxPortHeader: DefaultSandboxPortHeader,
+		HostHeaderName:    DefaultHostHeaderName,
+		DefaultPort:       DefaultSandboxPort,
+	}
+}
+
+// Validate checks configuration validity
+func (c *Config) Validate() error {
+	return nil
+}
+
+// GetSandboxHeaderName returns the effective sandbox header name
+func (c *Config) GetSandboxHeaderName() string {
+	if c.SandboxHeaderName != "" {
+		return c.SandboxHeaderName
+	}
+	return DefaultSandboxHeaderName
+}
+
+// GetHostHeaderName returns the effective host header name
+func (c *Config) GetHostHeaderName() string {
+	if c.HostHeaderName != "" {
+		return c.HostHeaderName
+	}
+	return DefaultHostHeaderName
+}
+
+// ExtractHostInfo extracts both host key and port from the header in one regex call
+// Only for host mode: extracts both from the host format (<port>-<namespace>--<name>.domain)
+// Returns (hostKey, port) - both empty if parsing fails
+func (c *Config) ExtractHostInfo(headerValue string) (string, string) {
+	if headerValue == "" {
+		return "", ""
+	}
+
+	// Use regex to extract both port and namespace--name from host format
+	// e.g., "8080-abc--def.example.com" -> hostKey: "abc--def", port: "8080"
+	matches := hostPattern.FindStringSubmatch(headerValue)
+	if len(matches) < 3 {
+		return "", ""
+	}
+	return matches[2], matches[1]
+}
 
 type ConfigParser struct{}
 
 func (p *ConfigParser) Parse(any *anypb.Any, callbacks api.ConfigCallbackHandler) (interface{}, error) {
-	return &config{}, nil
+	cfg := DefaultConfig()
+
+	// Unmarshal the xds.type.v3.TypedStruct protobuf message
+	typedStruct := &v3.TypedStruct{}
+	if err := any.UnmarshalTo(typedStruct); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal TypedStruct: %w", err)
+	}
+
+	// Get the value from TypedStruct which contains the actual config as Struct
+	valueStruct := typedStruct.GetValue()
+	if valueStruct == nil {
+		// No value field, use defaults
+		return cfg, nil
+	}
+
+	// Convert the struct to JSON
+	configBytes, err := json.Marshal(valueStruct.AsMap())
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal config value to JSON: %w", err)
+	}
+
+	// Parse actual config from JSON
+	if len(configBytes) > 0 && string(configBytes) != "null" {
+		if err := json.Unmarshal(configBytes, cfg); err != nil {
+			return nil, fmt.Errorf("failed to parse config: %w", err)
+		}
+	}
+
+	// Validate
+	if err := cfg.Validate(); err != nil {
+		return nil, err
+	}
+
+	return cfg, nil
 }
 
 func (p *ConfigParser) Merge(parent interface{}, child interface{}) interface{} {
-	return child
+	parentCfg := parent.(*Config)
+	childCfg := child.(*Config)
+
+	// Child overrides parent for all fields
+	merged := DefaultConfig()
+	*merged = *parentCfg
+
+	if childCfg.SandboxHeaderName != "" {
+		merged.SandboxHeaderName = childCfg.SandboxHeaderName
+	}
+	if childCfg.SandboxPortHeader != "" {
+		merged.SandboxPortHeader = childCfg.SandboxPortHeader
+	}
+	if childCfg.HostHeaderName != "" {
+		merged.HostHeaderName = childCfg.HostHeaderName
+	}
+	if childCfg.DefaultPort != "" {
+		merged.DefaultPort = childCfg.DefaultPort
+	}
+
+	return merged
 }

pkg/sandbox-gateway/filter/config_test.go

@@ -0,0 +1,129 @@
+package filter
+
+import (
+	"testing"
+)
+
+func TestConfigValidate(t *testing.T) {
+	tests := []struct {
+		name    string
+		cfg     *Config
+		wantErr bool
+	}{
+		{
+			name:    "default config",
+			cfg:     DefaultConfig(),
+			wantErr: false,
+		},
+		{
+			name: "custom sandbox header",
+			cfg: &Config{
+				SandboxHeaderName: "custom-sandbox-id",
+				SandboxPortHeader: "custom-sandbox-port",
+				HostHeaderName:    "X-Host",
+				DefaultPort:       "8080",
+			},
+			wantErr: false,
+		},
+		{
+			name:    "empty config",
+			cfg:     &Config{},
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.cfg.Validate()
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
+
+func TestGetSandboxHeaderName(t *testing.T) {
+	tests := []struct {
+		name           string
+		cfg            *Config
+		wantHeaderName string
+	}{
+		{
+			name:           "empty config uses default",
+			cfg:            &Config{},
+			wantHeaderName: "e2b-sandbox-id",
+		},
+		{
+			name: "custom sandbox header name",
+			cfg: &Config{
+				SandboxHeaderName: "custom-sandbox-id",
+			},
+			wantHeaderName: "custom-sandbox-id",
+		},
+		{
+			name:           "default config",
+			cfg:            DefaultConfig(),
+			wantHeaderName: "e2b-sandbox-id",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.cfg.GetSandboxHeaderName()
+			if got != tt.wantHeaderName {
+				t.Errorf("GetSandboxHeaderName() = %q, want %q", got, tt.wantHeaderName)
+			}
+		})
+	}
+}
+
+func TestGetHostHeaderName(t *testing.T) {
+	tests := []struct {
+		name           string
+		cfg            *Config
+		wantHeaderName string
+	}{
+		{
+			name:           "empty config uses default",
+			cfg:            &Config{},
+			wantHeaderName: "Host",
+		},
+		{
+			name: "custom host header name",
+			cfg: &Config{
+				HostHeaderName: "X-Forwarded-Host",
+			},
+			wantHeaderName: "X-Forwarded-Host",
+		},
+		{
+			name:           "default config",
+			cfg:            DefaultConfig(),
+			wantHeaderName: "Host",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.cfg.GetHostHeaderName()
+			if got != tt.wantHeaderName {
+				t.Errorf("GetHostHeaderName() = %q, want %q", got, tt.wantHeaderName)
+			}
+		})
+	}
+}
+
+func TestDefaultConfig(t *testing.T) {
+	cfg := DefaultConfig()
+	if cfg.SandboxHeaderName != "e2b-sandbox-id" {
+		t.Errorf("DefaultConfig().SandboxHeaderName = %q, want %q", cfg.SandboxHeaderName, "e2b-sandbox-id")
+	}
+	if cfg.SandboxPortHeader != "e2b-sandbox-port" {
+		t.Errorf("DefaultConfig().SandboxPortHeader = %q, want %q", cfg.SandboxPortHeader, "e2b-sandbox-port")
+	}
+	if cfg.HostHeaderName != "Host" {
+		t.Errorf("DefaultConfig().HostHeaderName = %q, want %q", cfg.HostHeaderName, "Host")
+	}
+	if cfg.DefaultPort != "49983" {
+		t.Errorf("DefaultConfig().DefaultPort = %q, want %q", cfg.DefaultPort, "49983")
+	}
+}