Architecture

The overall architecture of OpenKruise Agents is shown as below:

alt

sandbox-manager

sandbox-manager is a stateless backend management component that provides E2B APIs and MCP APIs for managing and operating sandbox instances.

sandbox-gateway

sandbox-gateway is a lightweight and efficient gateway that proxy incoming traffic to the sandboxes, sandbox-gateway is built as an envoy filter.

sandbox-controller

sandbox-controller contains a group of controllers responsible for the reconcilation of resources such as sandboxset and sandboxclaim, it also provides the admission webhooks for related CRD resources。

agent-runtime

agent-runtime is a Sidecar injected into the Sandbox that provides utilty services for the sandbox, including E2B envd-compatible command and file operations, dynamic CSI mounting, etc.

API

OpenKruise Agents provides K8S, E2B and MCP apis.

K8S APIs

OpenKruise Agents provides Kubernetes API in the forms of CRD，and they're targeting for platform builders and infrastructure teams.

$ kubectl get crd | grep kruise.io
checkpoints.agents.kruise.io                               2026-03-22T08:50:38Z
sandboxclaims.agents.kruise.io                             2026-03-22T08:50:38Z
sandboxes.agents.kruise.io                                 2026-03-22T08:50:38Z
sandboxsets.agents.kruise.io                               2026-03-22T08:50:38Z
sandboxtemplates.agents.kruise.io                          2026-03-22T08:50:38Z

E2B APIs

OpenKruise Agents provides E2B protocol-compatible APIs

sandbox-manager​

sandbox-gateway​

sandbox-controller​

agent-runtime​

API​

K8S APIs​

E2B APIs​