feat: add E2B-compatible volume management APIs

[princexpoddar]

Ⅰ. Describe what this PR does

Closes #505

This PR adds E2B-compatible volume management APIs to sandbox-manager and introduces support for mounting registered volumes during sandbox creation.

Key changes

Volume APIs

Adds the following E2B-compatible endpoints:

Method	Path
POST	/volumes
GET	/volumes
GET	/volumes/{volumeID}
DELETE	/volumes/{volumeID}

These routes are also available under the configured E2B API prefix through the existing RegisterE2BRoute mechanism.

Sandbox volume mounts

Adds a new optional field to POST /sandboxes:

{
  "templateID": "my-template",
  "volume_mounts": [
    {
      "volumeID": "pv-001",
      "mountPath": "/data",
      "readOnly": false
    }
  ]
}

Each volume reference is resolved into a CSIMountConfig and injected into the existing CSI mount pipeline. No changes were required to the claim/clone workflow.

Storage model

This implementation follows maintainer feedback and uses existing Kubernetes PersistentVolume objects directly rather than introducing a new CRD.

Registered volumes are represented by PVs labeled with:

• agents.kruise.io/volume-owner-namespace
• agents.kruise.io/volume-name

volumeID maps directly to the PV name.

Mounted-volume detection

Volume usage is derived from SandboxClaim.spec.dynamicVolumesMount instead of maintaining mount state on the PV. This avoids duplicated state and eliminates stale annotation cleanup concerns.

Observability

Adds Prometheus metrics:

• volume_operation_total
• volume_operation_duration_seconds

for register, list, get, and delete operations.

---

Ⅱ. Does this pull request fix one issue?

Closes #505

---

Ⅲ. Describe how to verify it

Unit tests

go test ./pkg/servers/e2b/...
go test ./pkg/sandbox-manager/volume/...

Integration tests

go test ./pkg/sandbox-manager/infra/sandboxcr/... -run TestVolumeInfra
go test ./pkg/sandbox-manager/infra/sandboxcr/... -run TestProperty

Build verification

go build ./pkg/servers/e2b/...
go build ./pkg/sandbox-manager/...

---

Ⅳ. Special notes for reviewers

1. No CRDs or API types were added.

2. RegisterVolume and DeleteVolume read PVs directly from the API server to avoid acting on stale cache data. ListVolumes and GetVolume use the informer cache.

3. Cross-namespace access returns 404 Not Found rather than 403 Forbidden to avoid information disclosure.

4. resolveVolumeMounts reuses GetVolume, ensuring namespace isolation is enforced consistently for both volume APIs and sandbox creation.

5. Mounted-volume checks are derived from SandboxClaim.spec.dynamicVolumesMount; no mount state is stored on PVs.

6. The implementation is fully additive and does not modify existing CSI mount behavior.

7. Build verification completed successfully for all packages modified by this PR:

go build ./pkg/servers/e2b/...
go build ./pkg/sandbox-manager/...

[kruise-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign furykerry for approval by writing /assign @furykerry in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kruise-bot]

Welcome @princexpoddar! It looks like this is your first PR to openkruise/agents 🎉

[codecov]

Codecov Report

❌ Patch coverage is 84.26667% with 59 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.77%. Comparing base (d9bafdb) to head (e098607).

Files with missing lines	Patch %	Lines
pkg/sandbox-manager/infra/sandboxcr/volume.go	79.56%	20 Missing and 8 partials ⚠️
pkg/servers/e2b/volume.go	89.87%	12 Missing and 4 partials ⚠️
pkg/servers/e2b/create.go	22.22%	12 Missing and 2 partials ⚠️
pkg/servers/e2b/core.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #550      +/-   ##
==========================================
+ Coverage   79.66%   79.77%   +0.11%     
==========================================
  Files         194      197       +3     
  Lines       13772    14144     +372     
==========================================
+ Hits        10971    11284     +313     
- Misses       2403     2448      +45     
- Partials      398      412      +14     

Flag	Coverage Δ
unittests	79.77% <84.26%> (+0.11%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[princexpoddar]

Hello @furykerry @AiRanthem @zmberg ,
I wanted to politely follow up on this PR. The CI checks are passing, and I believe it is ready for review. I would appreciate any feedback whenever you have the opportunity.
Thank you!