cloudandheat · Lykos153 · Sep 8, 2022 · Sep 15, 2022 · Oct 6, 2022
diff --git a/docs/develop.rst b/docs/develop.rst
@@ -7,6 +7,6 @@ Running ch-k8s-lbaas-controller locally
 During development you usually don't want to go through a full "Build Image / Push Image / Deploy Image" cycle - and you don't have to. As a shortcut you can run the controller locally on your workstation. You need
 
 - a kubeconfig file which gives the controller the necessary permissions (you could just use your default `admin.conf`)
-- the `controller-config.toml` which tells the controller how to interact with the OpenStack control plane. You can fetch it from the k8s control plane and place it in the same directory as the controller, e.g., via `kubectl get secret -n kube-system -o jsonpath='{.data.controller-config\.toml} | base64 -d > controller-config.toml'`
+- the `controller-config.toml` which tells the controller how to interact with the OpenStack control plane. You can fetch it from the k8s control plane and place it in the same directory as the controller, e.g., via `kubectl get secret -n kube-system ch-k8s-lbaas-controller-config -o jsonpath='{.data.controller-config\.toml}' | base64 -d > controller-config.toml`
 
 If you're using yaook/k8s, then you probably also have to adapt firewall rules on the (primary) gateway node. Add an entry such as `ip saddr 172.30.153.0/24 tcp dport $lbaas_agent_tcp_port accept;` to the file `/var/lib/ch-k8s-lbaas-agent/nftables/access.conf` and restart nftables via `sudo systemctl reload nftables`. Obviously that's an ephemeral change and you have to adapt the address range to your actual wireguard subnet.
diff --git a/internal/agent/nftables_generator.go b/internal/agent/nftables_generator.go
@@ -85,6 +85,7 @@ func copyAddresses(in []string) []string {
 	return result
 }
 
+// Maps from k8s.io/api/core/v1.Protocol objects to strings understood by nftables
 func (g *NftablesGenerator) mapProtocol(k8sproto corev1.Protocol) (string, error) {
 	switch k8sproto {
 	case corev1.ProtocolTCP:
@@ -96,6 +97,7 @@ func (g *NftablesGenerator) mapProtocol(k8sproto corev1.Protocol) (string, error
 	}
 }
 
+// Generates a config suitable for nftablesTemplate from a LoadBalancer model
 func (g *NftablesGenerator) GenerateStructuredConfig(m *model.LoadBalancer) (*nftablesConfig, error) {
 	result := &nftablesConfig{
 		FilterTableName:         g.Cfg.FilterTableName,

diff --git a/internal/controller/model_nodeport_test.go b/internal/controller/model_nodeport_test.go
@@ -111,6 +111,7 @@ func (f *nodePortGeneratorFixture) runWith(body func(g *NodePortLoadBalancerMode
 	f.l3portmanager.AssertExpectations(f.t)
 }
 
+// Looks for the ingress matching `address` in `items` and applies the test function `testfunc` to it
 func anyIngressIP(t *testing.T, items []model.IngressIP, address string, testfunc func(t *testing.T, i model.IngressIP)) {
 	assert.Conditionf(t, func() bool {
 		for _, item := range items {
@@ -124,6 +125,7 @@ func anyIngressIP(t *testing.T, items []model.IngressIP, address string, testfun
 	}, "no Ingress found for address %s in %#v", address, items)
 }
 
+// Looks for the port forward matching `port` and `protocol` in `items` and applies the test function `testfunc` to it
 func anyPort(t *testing.T, items []model.PortForward, inboundPort int32, protocol corev1.Protocol, testfunc func(t *testing.T, p model.PortForward)) {
 	assert.Conditionf(t, func() bool {
 		for _, item := range items {