diff --git a/.ci/Dockerfile b/.ci/Dockerfile
index 1374992d9e..349acc6b4b 100644
--- a/.ci/Dockerfile
+++ b/.ci/Dockerfile
@@ -1,7 +1,7 @@
 # Docker image used for continuous integration
-FROM docker.io/library/golang:1.18.5
+FROM docker.io/library/golang:1.19.0
-ENV GOLANGCILINT_VERSION=1.45.2
+ENV GOLANGCILINT_VERSION=1.48.0
 ENV SHELLCHECK_VERSION=0.8.0
 ENV KUBEBUILDER_VERSION=2.3.1
 ENV GCLOUD_VERSION=381.0.0
diff --git a/.golangci.yml b/.golangci.yml
index cc99a26a06..90bde641cb 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -72,7 +72,6 @@ linters:
 - gosec
 - gosimple
 - govet
- - ifshort
 - importas
 - ineffassign
 - makezero
diff --git a/Dockerfile b/Dockerfile
index 798a3efee4..869861a661 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the operator binary
-FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.18.5 as builder
+FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.19.0 as builder
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index 01d615c100..b7dfd5dd3c 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,5 +1,5 @@
 # Build the operator binary
-FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.18.5 as builder
+FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.19.0 as builder
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
index 96d843e4bd..e26cfe9266 100644
--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -404,8 +404,9 @@ func startOperator(ctx context.Context) error {
 mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
 pprofServer := http.Server{
- Addr: viper.GetString(operator.DebugHTTPListenFlag),
- Handler: mux,
+ Addr: viper.GetString(operator.DebugHTTPListenFlag),
+ Handler: mux,
+ ReadHeaderTimeout: 60 * time.Second,
 }
 log.Info("Starting debug HTTP server", "addr", pprofServer.Addr)
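Review bot: `ReadHeaderTimeout: 60 * time.Second` in the `pprofServer` literal of cmd/manager/main.go bounds only the request-header read, so after a first request completes a keep-alive connection to the debug listener can still stay open without limit, because neither `IdleTimeout` nor `ReadTimeout` is set. I would add `IdleTimeout: 60 * time.Second,` and consider a shorter header bound such as `ReadHeaderTimeout: 10 * time.Second,`, since 60 seconds is generous for a client that only has to send headers. Leaving `WriteTimeout` unset looks intentional, as the `/debug/pprof/trace` handler registered just above streams for the requested duration, but that deserves a comment like `// no WriteTimeout: pprof trace/profile responses stream for the requested duration`. The body of `startOperator` continues outside the hunk, so the `time` import and the default value behind `operator.DebugHTTPListenFlag` are not visible here; because these handlers expose runtime internals, it is worth confirming the listener defaults to a loopback address.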
@@ -734,10 +735,10 @@ func chooseAndValidateIPFamily(ipFamilyStr string, ipFamilyDefault corev1.IPFami
 }
 // determineSetDefaultSecurityContext determines what settings we need to use for security context by using the following rules:
-// 1. If the setDefaultSecurityContext is explicitly set to either true, or false, use this value.
-// 2. use OpenShift detection to determine whether or not we are running within an OpenShift cluster.
-// If we determine we are on an OpenShift cluster, and since OpenShift automatically sets security context, return false,
-// otherwise, return true as we'll need to set this security context on non-OpenShift clusters.
+// 1. If the setDefaultSecurityContext is explicitly set to either true, or false, use this value.
+// 2. use OpenShift detection to determine whether or not we are running within an OpenShift cluster.
+// If we determine we are on an OpenShift cluster, and since OpenShift automatically sets security context, return false,
+// otherwise, return true as we'll need to set this security context on non-OpenShift clusters.
 func determineSetDefaultSecurityContext(setDefaultSecurityContext string, clientset kubernetes.Interface) (bool, error) {
 if setDefaultSecurityContext == "auto-detect" {
 openshift, err := isOpenShift(clientset)
@@ -746,8 +747,8 @@ func determineSetDefaultSecurityContext(setDefaultSecurityContext string, client
 return strconv.ParseBool(setDefaultSecurityContext)
 }
-// isOpenShift detects whether we are running on OpenShift. Detection inspired by kubevirt
-// https://github.com/kubevirt/kubevirt/blob/f71e9c9615a6c36178169d66814586a93ba515b5/pkg/util/cluster/cluster.go#L21
+// isOpenShift detects whether we are running on OpenShift. Detection inspired by kubevirt:
+// - https://github.com/kubevirt/kubevirt/blob/f71e9c9615a6c36178169d66814586a93ba515b5/pkg/util/cluster/cluster.go#L21
 func isOpenShift(clientset kubernetes.Interface) (bool, error) {
 openshiftSecurityGroupVersion := schema.GroupVersion{Group: "security.openshift.io", Version: "v1"}
 apiResourceList, err := clientset.Discovery().ServerResourcesForGroupVersion(openshiftSecurityGroupVersion.String())
diff --git a/go.mod b/go.mod
index 59d6a90138..b624f9f4da 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/elastic/cloud-on-k8s/v2
-go 1.17
+go 1.19
 require (
 github.com/Masterminds/sprig/v3 v3.2.2
diff --git a/hack/manifest-gen/Dockerfile b/hack/manifest-gen/Dockerfile
index 82a185ae15..275fc3509b 100644
--- a/hack/manifest-gen/Dockerfile
+++ b/hack/manifest-gen/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/golang:1.18.5 as builder
+FROM docker.io/library/golang:1.19.0 as builder
 ADD . /manifest-gen
 WORKDIR /manifest-gen
 ENV GO111MODULE=on CGO_ENABLED=0 GOOS=linux
diff --git a/pkg/controller/autoscaling/elasticsearch/status/actual.go b/pkg/controller/autoscaling/elasticsearch/status/actual.go
index b5eafd0743..6d72fc764e 100644
--- a/pkg/controller/autoscaling/elasticsearch/status/actual.go
+++ b/pkg/controller/autoscaling/elasticsearch/status/actual.go
@@ -22,9 +22,9 @@ import (
 // ImportExistingResources attempts to infer the resources to allocate to node sets if an autoscaling policy is not in the Status.
 // It can be the case if:
-// * The cluster was manually managed and the user wants to manage resources with the autoscaling controller. In that case
-// we want to be able to set some good default resources even if the autoscaling API is not responding.
-// * The Elasticsearch resource has been replaced and the status annotation has been lost in the process.
+// - The cluster was manually managed and the user wants to manage resources with the autoscaling controller. In that case
+// we want to be able to set some good default resources even if the autoscaling API is not responding.
+// - The Elasticsearch resource has been replaced and the status annotation has been lost in the process.
 func (s *Status) ImportExistingResources(
 log logr.Logger,
 c k8s.Client,
diff --git a/pkg/controller/common/certificates/x509_othername.go b/pkg/controller/common/certificates/x509_othername.go
index de5968b834..b178eceee5 100644
--- a/pkg/controller/common/certificates/x509_othername.go
+++ b/pkg/controller/common/certificates/x509_othername.go
@@ -24,26 +24,26 @@ GeneralName is a partially modelled GeneralName from RFC 5280, Section 4.2.1.6
 The RFC defines the Subject Alternative Names value as follows:
- id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
-
- SubjectAltName ::= GeneralNames
-
- GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
- GeneralName ::= CHOICE {
- otherName [0] OtherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ORAddress,
- directoryName [4] Name,
- ediPartyName [5] EDIPartyName,
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER }
-
- OtherName ::= SEQUENCE {
- type-id OBJECT IDENTIFIER,
- value [0] EXPLICIT ANY DEFINED BY type-id }
+ id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
+
+ SubjectAltName ::= GeneralNames
+
+ GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+ GeneralName ::= CHOICE {
+ otherName [0] OtherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+
+ OtherName ::= SEQUENCE {
+ type-id OBJECT IDENTIFIER,
+ value [0] EXPLICIT ANY DEFINED BY type-id }
 OtherName is used in Elasticsearch certificates as the node names, and is what is compared to the allowed subjects in the trust_restrictions file (if configured) when doing certificate validation between ES nodes.
diff --git a/pkg/controller/common/defaults/pod_template.go b/pkg/controller/common/defaults/pod_template.go
index 74f80fd3e4..88a79b8ba5 100644
--- a/pkg/controller/common/defaults/pod_template.go
+++ b/pkg/controller/common/defaults/pod_template.go
@@ -228,7 +228,7 @@ func (b *PodTemplateBuilder) WithContainers(containers ...corev1.Container) *Pod
 // Defaults:
 // - If the init container contains an empty image field, it's inherited from the main container.
 // - VolumeMounts from the main container are added to the init container VolumeMounts, unless they would conflict
-// with a specified VolumeMount (by having the same VolumeMount.Name or VolumeMount.MountPath)
+// with a specified VolumeMount (by having the same VolumeMount.Name or VolumeMount.MountPath)
 // - default environment variables
 //
 // This method can also be used to set some additional environment variables.
diff --git a/pkg/controller/elasticsearch/driver/pvc_expansion.go b/pkg/controller/elasticsearch/driver/pvc_expansion.go
index 4c3011d896..9870176068 100644
--- a/pkg/controller/elasticsearch/driver/pvc_expansion.go
+++ b/pkg/controller/elasticsearch/driver/pvc_expansion.go
@@ -154,11 +154,11 @@ func needsRecreate(expectedSset appsv1.StatefulSet, actualSset appsv1.StatefulSe
 // resized volume claims.
 // This function acts as a state machine that depends on the annotation and the UID of existing StatefulSets.
 // A standard flow may span over multiple reconciliations like this:
-// 1. No annotation set: nothing to do.
-// 2. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet actually exists: delete it.
-// 3. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet does not exist: create it.
-// 4. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet actually exists, but with
-// a different UID: the re-creation is over, remove the annotation.
+// 1. No annotation set: nothing to do.
+// 2. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet actually exists: delete it.
+// 3. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet does not exist: create it.
+// 4. An annotation specifies StatefulSet Foo needs to be recreated. That StatefulSet actually exists, but with
+// a different UID: the re-creation is over, remove the annotation.
 func recreateStatefulSets(ctx context.Context, k8sClient k8s.Client, es esv1.Elasticsearch) (int, error) {
 recreateList, err := ssetsToRecreate(es)
 if err != nil {
diff --git a/pkg/controller/elasticsearch/driver/suspend.go b/pkg/controller/elasticsearch/driver/suspend.go
index 42b9716131..2a68c61e23 100644
--- a/pkg/controller/elasticsearch/driver/suspend.go
+++ b/pkg/controller/elasticsearch/driver/suspend.go
@@ -19,16 +19,16 @@ import (
 )
 // reconcileSuspendedPods implements the operator side of activating the Pod suspension mechanism:
-// - Users annotate the Elasticsearch resource with names of Pods they want to suspend for debugging purposes.
-// - Each Pod has an initContainer that runs a shell script to check a file backed by a configMap for its own Pod name.
-// - If the name of the Pod is found in the file the initContainer enters a loop preventing termination until the name
-// of the Pod is removed from the file again. The Pod is now "suspended".
-// - This function handles the case where the Pod is either already running the main container or it is currently suspended.
-// - If the Pod is already running but should be suspended we want to delete the Pod so that the recreated Pod can run
-// the initContainer again.
-// - If the Pod is suspended in the initContainer but should be running we update the Pods metadata to accelerate the
-// propagation of the configMap values. This is just an optimisation and not essential for the correct operation of
-// the feature.
+// - Users annotate the Elasticsearch resource with names of Pods they want to suspend for debugging purposes.
+// - Each Pod has an initContainer that runs a shell script to check a file backed by a configMap for its own Pod name.
+// - If the name of the Pod is found in the file the initContainer enters a loop preventing termination until the name
+// of the Pod is removed from the file again. The Pod is now "suspended".
+// - This function handles the case where the Pod is either already running the main container or it is currently suspended.
+// - If the Pod is already running but should be suspended we want to delete the Pod so that the recreated Pod can run
+// the initContainer again.
+// - If the Pod is suspended in the initContainer but should be running we update the Pods metadata to accelerate the
+// propagation of the configMap values. This is just an optimisation and not essential for the correct operation of
+// the feature.
 func reconcileSuspendedPods(ctx context.Context, c k8s.Client, es esv1.Elasticsearch, e *expectations.Expectations) error {
 // let's make sure we observe any deletions in the cache to avoid redundant deletion
 pendingPodDeletions, err := e.PendingPodDeletions()
diff --git a/pkg/controller/elasticsearch/migration/migrate_data.go b/pkg/controller/elasticsearch/migration/migrate_data.go
index 91ec39eab6..c21196e126 100644
--- a/pkg/controller/elasticsearch/migration/migrate_data.go
+++ b/pkg/controller/elasticsearch/migration/migrate_data.go
@@ -65,7 +65,7 @@ func (sm *ShardMigration) ShutdownStatus(ctx context.Context, podName string) (s
 // nodeMayHaveShard returns true if one of those conditions is met:
 // - the given ES Pod is holding at least one shard (primary or replica)
 // - some shards in the cluster don't have a node assigned, in which case we can't be sure about the 1st condition
-// this may happen if the node was just restarted: the shards it is holding appear unassigned
+// this may happen if the node was just restarted: the shards it is holding appear unassigned
 func nodeMayHaveShard(ctx context.Context, es esv1.Elasticsearch, shardLister esclient.ShardLister, podName string) (bool, error) {
 shards, err := shardLister.GetShards(ctx)
 if err != nil {
diff --git a/pkg/controller/elasticsearch/nodespec/desired_nodes.go b/pkg/controller/elasticsearch/nodespec/desired_nodes.go
index da56122a3f..51e5b4e32d 100644
--- a/pkg/controller/elasticsearch/nodespec/desired_nodes.go
+++ b/pkg/controller/elasticsearch/nodespec/desired_nodes.go
@@ -122,11 +122,11 @@ func (n nodeSetResourcesBuilder) withMemory(resources corev1.ResourceRequirement
 }
 // withStorage attempts to detect the storage capacity of the Elasticsearch nodes.
-// 1. Attempt to detect path settings, an error is raised if multiple data paths are set.
-// 2. Detect the data volume name. If none can be detected an error is raised.
-// 3. Lookup for the corresponding volume claim.
-// 4. For each Pod in the StatefulSet we attempt to read the capacity from the PVC status or from the Spec
-// if there is no status yet.
+// 1. Attempt to detect path settings, an error is raised if multiple data paths are set.
+// 2. Detect the data volume name. If none can be detected an error is raised.
+// 3. Lookup for the corresponding volume claim.
+// 4. For each Pod in the StatefulSet we attempt to read the capacity from the PVC status or from the Spec
+// if there is no status yet.
 func (n nodeSetResourcesBuilder) withStorage(
 ctx context.Context,
 k8sClient k8s.Client,
diff --git a/pkg/controller/elasticsearch/remotecluster/elasticsearch.go b/pkg/controller/elasticsearch/remotecluster/elasticsearch.go
index c777a7ae6d..5491ed6167 100644
--- a/pkg/controller/elasticsearch/remotecluster/elasticsearch.go
+++ b/pkg/controller/elasticsearch/remotecluster/elasticsearch.go
@@ -70,13 +70,13 @@ func UpdateSettings(
 // have been declared in the Elasticsearch spec. The purpose is to delete remote clusters which were managed by
 // the operator but are not desired anymore, without removing the ones which have been added by the user.
 // The following algorithm is used:
-// 1. Get the list of the previously declared remote clusters from the annotation
-// 2. Ensure that all remote clusters in the Elasticsearch spec are present in the annotation
-// 3. For each remote cluster in the annotation which is not in the Spec, either:
-// 3.1 Schedule its deletion from the Elasticsearch settings
-// 3.2 Otherwise remove it from the annotation
-// 4. Update the annotation on the Elasticsearch object
-// 5. Apply the settings through the Elasticsearch API
+// 1. Get the list of the previously declared remote clusters from the annotation
+// 2. Ensure that all remote clusters in the Elasticsearch spec are present in the annotation
+// 3. For each remote cluster in the annotation which is not in the Spec, either:
+// 3.1 Schedule its deletion from the Elasticsearch settings
+// 3.2 Otherwise remove it from the annotation
+// 4. Update the annotation on the Elasticsearch object
+// 5. Apply the settings through the Elasticsearch API
 func updateSettingsInternal(
 ctx context.Context,
 remoteClustersInSpec map[string]esv1.RemoteCluster,
diff --git a/pkg/utils/log/log.go b/pkg/utils/log/log.go
index a5b26670b3..cebf854e58 100644
--- a/pkg/utils/log/log.go
+++ b/pkg/utils/log/log.go
@@ -63,8 +63,8 @@ func InitLogger() {
 // Standard levels are as follows:
 // level | Zap level | name
 // -------------------------
-// 1 | -1 | Debug
-// 0 | 0 | Info
+// 1 | -1 | Debug
+// 0 | 0 | Info
 // -1 | 1 | Warn
 // -2 | 2 | Error
 func ChangeVerbosity(v int) {
diff --git a/test/e2e/Dockerfile b/test/e2e/Dockerfile
index 84098585d1..f11325fb36 100644
--- a/test/e2e/Dockerfile
+++ b/test/e2e/Dockerfile
@@ -1,5 +1,5 @@
 # Docker image for the E2E tests runner
-FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.18.5
+FROM --platform=$TARGETPLATFORM docker.io/library/golang:1.19.0
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
diff --git a/test/e2e/test/helper/yaml.go b/test/e2e/test/helper/yaml.go
index 006c8bc501..0a035aa340 100644
--- a/test/e2e/test/helper/yaml.go
+++ b/test/e2e/test/helper/yaml.go
@@ -144,6 +144,7 @@ func (yd *YAMLDecoder) ToObjects(reader *bufio.Reader) ([]runtime.Object, error)
 // RunFile runs the builder workflow for all known resources in a yaml file, all other objects are created before and deleted
 // after. Resources will be created in a given namespace and with a given suffix. Additional objects to be created and deleted
 // can be passed as well as set of optional transformations to apply to all Builders.
+//
 //nolint:thelper
 func RunFile(
 t *testing.T,
diff --git a/test/e2e/test/run_mutation.go b/test/e2e/test/run_mutation.go
index 4921c94d7f..6899517224 100644
--- a/test/e2e/test/run_mutation.go
+++ b/test/e2e/test/run_mutation.go
@@ -78,6 +78,7 @@ func RunMutationsWhileWatching(t *testing.T, creationBuilders []Builder, mutatio
 }
 // RunMutations tests one resource change on a given resource.
+//
 //nolint:thelper
 func RunMutation(t *testing.T, toCreate Builder, mutateTo Builder) {
 RunMutations(t, []Builder{toCreate}, []Builder{mutateTo})
diff --git a/test/e2e/test/step.go b/test/e2e/test/step.go
index eaf4403f26..b1813b961a 100644
--- a/test/e2e/test/step.go
+++ b/test/e2e/test/step.go
@@ -33,6 +33,7 @@ func (l StepList) WithStep(testStep Step) StepList {
 }
 // RunSequential runs the StepList sequentially, and fails fast on first error.
+//
 //nolint:thelper
 func (l StepList) RunSequential(t *testing.T) {
 for _, ts := range l {
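Review bot: In test/e2e/test/run_mutation.go the doc comment on `RunMutation` opens with `RunMutations`, the name of the helper it calls rather than its own, so it does not follow the Go convention of starting with the documented identifier and reads as if it described the plural function. Since this hunk already edits that comment block, the line should become `// RunMutation tests one resource change on a given resource.`. The function body continues outside the hunk.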