feat: supoort kruise custom api for gateway

[chengzhycn]

Now let me also check the earlier part of the diff that was truncated:
Here's the generated PR description:

---

Ⅰ. Describe what this PR does

This PR adds support for the Kruise custom API protocol in the sandbox-gateway, refactoring the filter to use a unified adapter pattern for sandbox routing.

Gateway filter refactoring (pkg/sandbox-gateway/filter/)

• Replaced the inline header/host extraction logic in DecodeHeaders with the unified E2BMapper adapter interface from pkg/servers/e2b/adapters/
• Introduced FilterConfig wrapper that holds both Config and Adapter, created via NewFilterConfig() / NewE2BAdapterWithOptions()
• Removed ExtractHostInfo() from Config — host parsing is now delegated to NativeE2BAdapter
• Port is now int throughout the filter instead of string
• Added support for extra headers from the adapter (e.g., :path rewrite for kruise custom protocol)

NativeE2BAdapter enhancements (pkg/servers/e2b/adapters/native_e2b.go)

• Extended NativeE2BAdapter with configurable fields: SandboxIDHeader, SandboxPortHeader, HostHeader, DefaultPort
• Implemented header-first, hostname-fallback extraction strategy with custom header support
• Added NewE2BAdapterWithOptions() constructor for the gateway use case

Envoy configuration (config/sandbox-gateway/configmap.yaml)

• Added /kruise/api route prefix that forwards to a new manager_cluster (sandbox-manager service on port 7788)

Deployment cleanup (config/sandbox-gateway/deployment.yaml)

• Removed the init-sysctl init container that required SYS_ADMIN capabilities

CI & E2E (hack/, .github/workflows/, test/e2b/)

• Added sandbox-gateway image build, load, and deploy steps to both E2B e2e workflows
• Updated run-e2b-e2e-test.sh to wait for gateway pods and port-forward through gateway instead of manager directly
• Added gateway restart count check in e2e teardown
• Added new test_gateway.py with header-based and host-based routing e2e tests

Makefile

• Added deploy-sandbox-gateway and undeploy-sandbox-gateway targets

Ⅱ. Does this pull request fix one issue?

NONE

Ⅲ. Describe how to verify it

1. Unit tests — run the gateway filter and adapter tests:

   go test ./pkg/sandbox-gateway/filter/... -v
   go test ./pkg/servers/e2b/adapters/... -v

2. E2E tests — the CI workflows now build and deploy sandbox-gateway; the new test/e2b/test_gateway.py validates both header-based and host-based routing through the gateway.
3. Manual verification — deploy sandbox-gateway with the updated Envoy configmap, then:
   • Send a request with e2b-sandbox-id and e2b-sandbox-port headers → should route to the correct sandbox pod
   • Send a request with host format {port}-{ns}--{name}.example.com → should route via hostname fallback
   • Send a request to /kruise/ns--sandbox/3000/api/v1/data → should route via kruise custom protocol with path rewrite

Ⅳ. Special notes for reviews

• The init-sysctl init container with SYS_ADMIN capability was removed from the gateway deployment — verify this is acceptable for your environment.
• The NativeE2BAdapter.Map() signature is unchanged but the behavior now supports header-first extraction. Existing callers using only hostname-based routing are unaffected (hostname fallback still works).
• The ConfigParser.Merge and FilterFactory now operate on *FilterConfig instead of *Config — this is a breaking change for the internal Envoy Go filter API surface but not for external consumers.

[kruise-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

❌ Patch coverage is 91.11111% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.12%. Comparing base (a527583) to head (9fb14dd).
⚠️ Report is 12 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/servers/e2b/adapters/unified_e2b.go	67.74%	10 Missing ⚠️
pkg/servers/e2b/adapters/native_e2b.go	95.12%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #278      +/-   ##
==========================================
+ Coverage   70.74%   72.12%   +1.38%     
==========================================
  Files         116      116              
  Lines       10643     8657    -1986     
==========================================
- Hits         7529     6244    -1285     
+ Misses       2810     2104     -706     
- Partials      304      309       +5     

Flag	Coverage Δ
unittests	72.12% <91.11%> (+1.38%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[chengzhycn]

/assign @furykerry @AiRanthem

[AiRanthem]

Request Changes: There is a parsing bug when a private protocol URL has no trailing path. URLs like /kruise/sandbox-foo/8080 fail to parse, while /kruise/sandbox-foo/8080/some-path works correctly. The root cause appears to be the handling of the trailing / delimiter — the parser assumes a path component always exists. Please fix the URL parsing logic to correctly handle the case where no path is present.

[AiRanthem]

Suggestion: Consider splitting the current logic into two separate functions — one for parsing the header and one for parsing the host. When the header parsing returns an error, the code can fall back to the host parsing logic. This separation would make the flow clearer and easier to maintain going forward.