diff --git a/pkg/agent/flannel/flannel.go b/pkg/agent/flannel/flannel.go
index 0c6cd311da8..71b063a4237 100644
--- a/pkg/agent/flannel/flannel.go
+++ b/pkg/agent/flannel/flannel.go
@@ -100,7 +100,7 @@ func flannel(ctx context.Context, wg *sync.WaitGroup, flannelIface *net.Interfac
 		return errors.New("ipv4 mode requested but no ipv4 network provided")
 	}
 
-	//setup masq rules
+	// setup masq rules
 	prevNetwork := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_NETWORK")
 	prevSubnet := ReadCIDRFromSubnetFile(subnetFile, "FLANNEL_SUBNET")
 
@@ -109,14 +109,14 @@ func flannel(ctx context.Context, wg *sync.WaitGroup, flannelIface *net.Interfac
 	if flannelIPv6Masq {
 		err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, config.IPv6Network, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60, false)
 	} else {
-		//set empty flannel ipv6 Network to prevent masquerading
+		// set empty flannel ipv6 Network to prevent masquerading
 		err = trafficMngr.SetupAndEnsureMasqRules(ctx, config.Network, prevSubnet, prevNetwork, ip.IP6Net{}, prevIPv6Subnet, prevIPv6Network, bn.Lease(), 60, false)
 	}
 	if err != nil {
 		return pkgerrors.WithMessage(err, "failed to setup masq rules")
 	}
 
-	//setup forward rules
+	// setup forward rules
 	trafficMngr.SetupAndEnsureForwardRules(ctx, config.Network, config.IPv6Network, 50)
 
 	if err := WriteSubnetFile(subnetFile, config.Network, config.IPv6Network, true, bn, nm); err != nil {
@@ -219,7 +219,7 @@ func WriteSubnetFile(path string, nw ip.IP4Net, nwv6 ip.IP6Net, ipMasq bool, bn
 	// rename(2) the temporary file to the desired location so that it becomes
 	// atomically visible with the contents
 	return os.Rename(tempFile, path)
-	//TODO - is this safe? What if it's not on the same FS?
+	// TODO - is this safe? What if it's not on the same FS?
 }
 
 // ReadCIDRFromSubnetFile reads the flannel subnet file and extracts the value of IPv4 network CIDRKey
diff --git a/pkg/cli/server/server.go b/pkg/cli/server/server.go
index b61f23c6642..f16d3223678 100644
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@@ -340,7 +340,7 @@ func run(app *cli.Context, cfg *cmds.Server, leaderControllers server.CustomCont
 
 	// if we ended up with any advertise-ips, ensure they're added to the SAN list;
 	// note that kube-apiserver does not support dual-stack advertise-ip as of 1.21.0:
-	/// https://github.com/kubernetes/kubeadm/issues/1612#issuecomment-772583989
+	// https://github.com/kubernetes/kubeadm/issues/1612#issuecomment-772583989
 	if serverConfig.ControlConfig.AdvertiseIP != "" {
 		serverConfig.ControlConfig.SANs = append(serverConfig.ControlConfig.SANs, serverConfig.ControlConfig.AdvertiseIP)
 	}
diff --git a/pkg/configfilearg/parser.go b/pkg/configfilearg/parser.go
index b54ac30439d..23267cea068 100644
--- a/pkg/configfilearg/parser.go
+++ b/pkg/configfilearg/parser.go
@@ -75,7 +75,7 @@ func (p *Parser) stripInvalidFlags(command string, args []string) ([]string, err
 	}
 	validFlags := make(map[string]bool, len(cmdFlags))
 	for _, f := range cmdFlags {
-		//split flags with aliases into 2 entries
+		// split flags with aliases into 2 entries
 		for _, s := range f.Names() {
 			validFlags[s] = true
 		}
diff --git a/pkg/server/handlers/handlers_test.go b/pkg/server/handlers/handlers_test.go
index 248e0b82979..85ab74e215d 100644
--- a/pkg/server/handlers/handlers_test.go
+++ b/pkg/server/handlers/handlers_test.go
@@ -107,11 +107,11 @@ func Test_UnitHandlers(t *testing.T) {
 		paths       []pathTest
 	}{
 		{
-			//*** tests with runtime core not ready ***
+			// *** tests with runtime core not ready ***
 			name:        "no runtime core",
 			controlFunc: getCorelessControl,
 			paths: []pathTest{
-				//** paths accessible with node cert or agent token, and specific headers **
+				// ** paths accessible with node cert or agent token, and specific headers **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/serving-kubelet.crt",
@@ -358,7 +358,7 @@ func Test_UnitHandlers(t *testing.T) {
 			},
 		},
 		{
-			//*** tests with runtime core not ready and bind address set ***
+			// *** tests with runtime core not ready and bind address set ***
 			name: "no runtime core with bind-address",
 			controlFunc: func(t *testing.T) (*config.Control, context.CancelFunc) {
 				control, cancel := getCorelessControl(t)
@@ -366,7 +366,7 @@ func Test_UnitHandlers(t *testing.T) {
 				return control, cancel
 			},
 			paths: []pathTest{
-				//** paths accessible with node cert or agent token, and specific headers **
+				// ** paths accessible with node cert or agent token, and specific headers **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/serving-kubelet.crt",
@@ -613,11 +613,11 @@ func Test_UnitHandlers(t *testing.T) {
 			},
 		},
 		{
-			//*** tests with no agent and runtime core not ready ***
+			// *** tests with no agent and runtime core not ready ***
 			name:        "agentless no runtime core",
 			controlFunc: getCorelessAgentlessControl,
 			paths: []pathTest{
-				//** paths accessible with node cert or agent token, and specific headers **
+				// ** paths accessible with node cert or agent token, and specific headers **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/serving-kubelet.crt",
@@ -876,11 +876,11 @@ func Test_UnitHandlers(t *testing.T) {
 			},
 		},
 		{
-			//*** tests with mocked core controllers ***
+			// *** tests with mocked core controllers ***
 			name:        "mocked",
 			controlFunc: getMockedControl,
 			paths: []pathTest{
-				//** paths accessible with node cert or agent token, and specific headers **
+				// ** paths accessible with node cert or agent token, and specific headers **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/serving-kubelet.crt",
@@ -1135,7 +1135,7 @@ func Test_UnitHandlers(t *testing.T) {
 						},
 					),
 				},
-				//** paths accessible with node cert or agent token **
+				// ** paths accessible with node cert or agent token **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/client-kube-proxy.crt",
@@ -1442,7 +1442,7 @@ func Test_UnitHandlers(t *testing.T) {
 						},
 					),
 				},
-				//** paths accessible with node cert **
+				// ** paths accessible with node cert **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/connect",
@@ -1462,7 +1462,7 @@ func Test_UnitHandlers(t *testing.T) {
 						},
 					),
 				},
-				//** paths accessible with server token **
+				// ** paths accessible with server token **
 				{
 					method: http.MethodGet,
 					path:   "/v1-k3s/encrypt/status",
@@ -1537,7 +1537,7 @@ func Test_UnitHandlers(t *testing.T) {
 						},
 					),
 				},
-				//** paths accessible with apiserver cert **
+				// ** paths accessible with apiserver cert **
 				{
 					method: http.MethodConnect,
 					path:   "/",
@@ -1553,7 +1553,7 @@ func Test_UnitHandlers(t *testing.T) {
 						},
 					),
 				},
-				//** paths accessible anonymously **
+				// ** paths accessible anonymously **
 				{
 					method: http.MethodGet,
 					path:   "/ping",