diff --git a/cloudmock/openstack/mocknetworking/routers.go b/cloudmock/openstack/mocknetworking/routers.go
index 399d93da7d..1e86dd3681 100644
--- a/cloudmock/openstack/mocknetworking/routers.go
+++ b/cloudmock/openstack/mocknetworking/routers.go
@@ -181,7 +181,8 @@ func (m *MockClient) routerInterface(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		panic("error decoding create router interface request")
 	}
-	if parts[2] == "add_router_interface" {
+	switch parts[2] {
+	case "add_router_interface":
 		subnet := m.subnets[createInterface.SubnetID]
 		interfaces := m.routerInterfaces[routerID]
 		interfaces = append(interfaces, routers.InterfaceInfo{
@@ -201,7 +202,7 @@ func (m *MockClient) routerInterface(w http.ResponseWriter, r *http.Request) {
 			},
 		}
 		m.ports[port.ID] = port
-	} else if parts[2] == "remove_router_interface" {
+	case "remove_router_interface":
 		interfaces := make([]routers.InterfaceInfo, 0)
 		for _, i := range m.routerInterfaces[routerID] {
 			if i.SubnetID != createInterface.SubnetID {
@@ -209,7 +210,7 @@ func (m *MockClient) routerInterface(w http.ResponseWriter, r *http.Request) {
 			}
 		}
 		m.routerInterfaces[routerID] = interfaces
-	} else {
+	default:
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go
index 4c8d281d9c..2cc12e8d3d 100644
--- a/cmd/kops/integration_test.go
+++ b/cmd/kops/integration_test.go
@@ -1633,7 +1633,8 @@ func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) {
 
 	expectedFilenames := i.expectTerraformFilenames
 
-	if phase == cloudup.PhaseSecurity {
+	switch phase {
+	case cloudup.PhaseSecurity:
 		expectedFilenames = []string{
 			"aws_iam_role_masters." + i.clusterName + "_policy",
 			"aws_iam_role_nodes." + i.clusterName + "_policy",
@@ -1648,7 +1649,7 @@ func (i *integrationTest) runTestPhase(t *testing.T, phase cloudup.Phase) {
 				"aws_launch_template_bastion." + i.clusterName + "_user_data",
 			}...)
 		}
-	} else if phase == cloudup.PhaseCluster {
+	case cloudup.PhaseCluster:
 		expectedFilenames = []string{
 			"aws_launch_template_nodes." + i.clusterName + "_user_data",
 		}
diff --git a/cmd/kops/toolbox_instance-selector.go b/cmd/kops/toolbox_instance-selector.go
index d941af8cba..601d0f94e2 100644
--- a/cmd/kops/toolbox_instance-selector.go
+++ b/cmd/kops/toolbox_instance-selector.go
@@ -520,7 +520,8 @@ func decorateWithMixedInstancesPolicy(instanceGroup *kops.InstanceGroup, usageCl
 	ig := instanceGroup
 	ig.Spec.MachineType = instanceSelections[0]
 
-	if usageClass == ec2types.UsageClassTypeSpot {
+	switch usageClass {
+	case ec2types.UsageClassTypeSpot:
 		ondemandBase := int64(0)
 		ondemandAboveBase := int64(0)
 		spotAllocationStrategy := "capacity-optimized"
@@ -530,11 +531,11 @@ func decorateWithMixedInstancesPolicy(instanceGroup *kops.InstanceGroup, usageCl
 			OnDemandAboveBase:      &ondemandAboveBase,
 			SpotAllocationStrategy: &spotAllocationStrategy,
 		}
-	} else if usageClass == ec2types.UsageClassTypeOnDemand {
+	case ec2types.UsageClassTypeOnDemand:
 		ig.Spec.MixedInstancesPolicy = &kops.MixedInstancesPolicySpec{
 			Instances: instanceSelections,
 		}
-	} else {
+	default:
 		return nil, fmt.Errorf("error node usage class not supported")
 	}
 
diff --git a/dns-controller/pkg/watchers/node.go b/dns-controller/pkg/watchers/node.go
index 6defca1717..b48cfcfd5a 100644
--- a/dns-controller/pkg/watchers/node.go
+++ b/dns-controller/pkg/watchers/node.go
@@ -201,9 +201,10 @@ func (c *NodeController) updateNodeRecords(node *v1.Node) string {
 
 		for _, a := range node.Status.Addresses {
 			var roleType string
-			if a.Type == v1.NodeInternalIP {
+			switch a.Type {
+			case v1.NodeInternalIP:
 				roleType = dns.RoleTypeInternal
-			} else if a.Type == v1.NodeExternalIP {
+			case v1.NodeExternalIP:
 				roleType = dns.RoleTypeExternal
 			}
 			var recordType dns.RecordType = dns.RecordTypeA
diff --git a/dns-controller/pkg/watchers/service.go b/dns-controller/pkg/watchers/service.go
index af73973d84..48c5c1a687 100644
--- a/dns-controller/pkg/watchers/service.go
+++ b/dns-controller/pkg/watchers/service.go
@@ -152,7 +152,8 @@ func (c *ServiceController) updateServiceRecords(service *v1.Service) string {
 	if len(specExternal) != 0 || len(specInternal) != 0 {
 		var ingresses []dns.Record
 
-		if service.Spec.Type == v1.ServiceTypeLoadBalancer {
+		switch service.Spec.Type {
+		case v1.ServiceTypeLoadBalancer:
 			for i := range service.Status.LoadBalancer.Ingress {
 				ingress := &service.Status.LoadBalancer.Ingress[i]
 				if ingress.Hostname != "" {
@@ -175,7 +176,7 @@ func (c *ServiceController) updateServiceRecords(service *v1.Service) string {
 					klog.V(4).Infof("Found A record for service %s/%s: %q", service.Namespace, service.Name, ingress.IP)
 				}
 			}
-		} else if service.Spec.Type == v1.ServiceTypeNodePort {
+		case v1.ServiceTypeNodePort:
 			var roleType string
 			if len(specExternal) != 0 && len(specInternal) != 0 {
 				klog.Warningln("DNS Records not possible for both Internal and Externals IPs.")
@@ -190,7 +191,7 @@ func (c *ServiceController) updateServiceRecords(service *v1.Service) string {
 				Value:      dns.AliasForNodesInRole("node", roleType),
 			})
 			klog.V(4).Infof("Setting internal alias for NodePort service %s/%s", service.Namespace, service.Name)
-		} else {
+		default:
 			// TODO: Emit event so that users are informed of this
 			klog.V(2).Infof("Cannot expose service %s/%s of type %q", service.Namespace, service.Name, service.Spec.Type)
 		}
diff --git a/pkg/apis/kops/validation/validation.go b/pkg/apis/kops/validation/validation.go
index eb6ecc7154..876126e849 100644
--- a/pkg/apis/kops/validation/validation.go
+++ b/pkg/apis/kops/validation/validation.go
@@ -1629,13 +1629,14 @@ func validateCalicoAutoDetectionMethod(fldPath *field.Path, runtime string, vers
 	case "can-reach":
 		destStr := method[1]
 		ip := netutils.ParseIPSloppy(destStr)
-		if version == ipv4.Version {
+		switch version {
+		case ipv4.Version:
 			if ip == nil || ip.To4() == nil {
 				return field.ErrorList{field.Invalid(fldPath, runtime, "must be a valid IPv4 address")}
 			} else {
 				return nil
 			}
-		} else if version == ipv6.Version {
+		case ipv6.Version:
 			if ip == nil || ip.To4() != nil {
 				return field.ErrorList{field.Invalid(fldPath, runtime, "must be a valid IPv6 address")}
 			} else {
diff --git a/pkg/applylib/mocks/mockkubeapiserver/putresource.go b/pkg/applylib/mocks/mockkubeapiserver/putresource.go
index 5a0512f326..8dd60174df 100644
--- a/pkg/applylib/mocks/mockkubeapiserver/putresource.go
+++ b/pkg/applylib/mocks/mockkubeapiserver/putresource.go
@@ -62,9 +62,10 @@ func (req *putResource) Run(s *MockKubeAPIServer) error {
 
 	var updated *unstructured.Unstructured
 
-	if req.SubResource == "" {
+	switch req.SubResource {
+	case "":
 		updated = body
-	} else if req.SubResource == "status" {
+	case "status":
 		updated = existing.DeepCopyObject().(*unstructured.Unstructured)
 		newStatus := body.Object["status"]
 		if newStatus == nil {
@@ -72,7 +73,7 @@ func (req *putResource) Run(s *MockKubeAPIServer) error {
 			return fmt.Errorf("status not specified on status subresource update")
 		}
 		updated.Object["status"] = newStatus
-	} else {
+	default:
 		// TODO: We need to implement put properly
 		return fmt.Errorf("unknown subresource %q", req.SubResource)
 	}
diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go
index 154343c38a..c4114fea16 100644
--- a/pkg/model/awsmodel/autoscalinggroup.go
+++ b/pkg/model/awsmodel/autoscalinggroup.go
@@ -311,11 +311,12 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
 		lt.HTTPTokens = fi.PtrTo(ec2types.LaunchTemplateHttpTokensStateOptional)
 	}
 
-	if rootVolumeType == ec2types.VolumeTypeIo1 || rootVolumeType == ec2types.VolumeTypeIo2 {
+	switch rootVolumeType {
+	case ec2types.VolumeTypeIo1, ec2types.VolumeTypeIo2:
 		if ig.Spec.RootVolume == nil || fi.ValueOf(ig.Spec.RootVolume.IOPS) < 100 {
 			lt.RootVolumeIops = fi.PtrTo(int32(DefaultVolumeIonIops))
 		}
-	} else if rootVolumeType == ec2types.VolumeTypeGp3 {
+	case ec2types.VolumeTypeGp3:
 		if ig.Spec.RootVolume == nil || fi.ValueOf(ig.Spec.RootVolume.IOPS) < 3000 {
 			lt.RootVolumeIops = fi.PtrTo(int32(DefaultVolumeGp3Iops))
 		}
@@ -324,7 +325,7 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchTemplateTask(c *fi.CloudupMode
 		} else {
 			lt.RootVolumeThroughput = fi.PtrTo(int32(fi.ValueOf(ig.Spec.RootVolume.Throughput)))
 		}
-	} else {
+	default:
 		lt.RootVolumeIops = nil
 	}
 
diff --git a/pkg/model/openstackmodel/firewall.go b/pkg/model/openstackmodel/firewall.go
index 5732425a66..43477c2d8d 100644
--- a/pkg/model/openstackmodel/firewall.go
+++ b/pkg/model/openstackmodel/firewall.go
@@ -729,11 +729,12 @@ func (b *FirewallModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 			Lifecycle:   b.Lifecycle,
 			RemoveGroup: false,
 		}
-		if role == kops.InstanceGroupRoleBastion {
+		switch role {
+		case kops.InstanceGroupRoleBastion:
 			sg.RemoveExtraRules = []string{"port=22"}
-		} else if role == kops.InstanceGroupRoleNode {
+		case kops.InstanceGroupRoleNode:
 			sg.RemoveExtraRules = []string{"port=22", "port=10250"}
-		} else if role == kops.InstanceGroupRoleControlPlane {
+		case kops.InstanceGroupRoleControlPlane:
 			sg.RemoveExtraRules = []string{"port=22", "port=443", "port=10250"}
 		}
 		c.AddTask(sg)
diff --git a/pkg/pki/privatekey.go b/pkg/pki/privatekey.go
index 492d8f1b84..a3a094af88 100644
--- a/pkg/pki/privatekey.go
+++ b/pkg/pki/privatekey.go
@@ -190,20 +190,21 @@ func parsePEMPrivateKey(pemData []byte) (crypto.Signer, error) {
 			return nil, fmt.Errorf("could not parse private key (unable to decode PEM)")
 		}
 
-		if block.Type == "RSA PRIVATE KEY" {
+		switch block.Type {
+		case "RSA PRIVATE KEY":
 			klog.V(10).Infof("Parsing pem block: %q", block.Type)
 			return x509.ParsePKCS1PrivateKey(block.Bytes)
-		} else if block.Type == "EC PRIVATE KEY" {
+		case "EC PRIVATE KEY":
 			klog.V(10).Infof("Parsing pem block: %q", block.Type)
 			return x509.ParseECPrivateKey(block.Bytes)
-		} else if block.Type == "PRIVATE KEY" {
+		case "PRIVATE KEY":
 			klog.V(10).Infof("Parsing pem block: %q", block.Type)
 			k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
 			if err != nil {
 				return nil, err
 			}
 			return k.(crypto.Signer), nil
-		} else {
+		default:
 			klog.Infof("Ignoring unexpected PEM block: %q", block.Type)
 		}
 
diff --git a/pkg/pki/publickey.go b/pkg/pki/publickey.go
index 8e986ad479..2154d129ac 100644
--- a/pkg/pki/publickey.go
+++ b/pkg/pki/publickey.go
@@ -47,19 +47,20 @@ func parsePEMPublicKey(pemData []byte) (crypto.PublicKey, error) {
 			return nil, fmt.Errorf("could not parse private key")
 		}
 
-		if block.Type == "RSA PUBLIC KEY" {
+		switch block.Type {
+		case "RSA PUBLIC KEY":
 			k, err := x509.ParsePKCS1PublicKey(block.Bytes)
 			if err != nil {
 				return nil, err
 			}
 			return k, nil
-		} else if block.Type == "PUBLIC KEY" {
+		case "PUBLIC KEY":
 			k, err := x509.ParsePKIXPublicKey(block.Bytes)
 			if err != nil {
 				return nil, err
 			}
 			return k.(crypto.PublicKey), nil
-		} else {
+		default:
 			klog.Infof("Ignoring unexpected PEM block: %q", block.Type)
 		}
 
diff --git a/upup/pkg/fi/cloudup/awsup/aws_cloud.go b/upup/pkg/fi/cloudup/awsup/aws_cloud.go
index e384b022f8..eab60cb2fa 100644
--- a/upup/pkg/fi/cloudup/awsup/aws_cloud.go
+++ b/upup/pkg/fi/cloudup/awsup/aws_cloud.go
@@ -2184,13 +2184,14 @@ func findDNSName(cloud AWSCloud, cluster *kops.Cluster) (string, error) {
 	if cluster.Spec.API.LoadBalancer == nil {
 		return "", nil
 	}
-	if cluster.Spec.API.LoadBalancer.Class == kops.LoadBalancerClassClassic {
+	switch cluster.Spec.API.LoadBalancer.Class {
+	case kops.LoadBalancerClassClassic:
 		if lb, err := cloud.FindELBByNameTag(name); err != nil {
 			return "", fmt.Errorf("error looking for AWS ELB: %v", err)
 		} else if lb != nil {
 			return aws.ToString(lb.DNSName), nil
 		}
-	} else if cluster.Spec.API.LoadBalancer.Class == kops.LoadBalancerClassNetwork {
+	case kops.LoadBalancerClassNetwork:
 		allLoadBalancers, err := ListELBV2LoadBalancers(ctx, cloud)
 		if err != nil {
 			return "", fmt.Errorf("looking for AWS NLB: %w", err)
diff --git a/upup/pkg/fi/cloudup/gcetasks/subnet.go b/upup/pkg/fi/cloudup/gcetasks/subnet.go
index 2508d8d809..93d30b6059 100644
--- a/upup/pkg/fi/cloudup/gcetasks/subnet.go
+++ b/upup/pkg/fi/cloudup/gcetasks/subnet.go
@@ -195,7 +195,8 @@ func updateSecondaryRanges(cloud gce.GCECloud, op string, e *Subnet) error {
 	}
 
 	// Cannot add and remove ranges in the same call
-	if op == "add" {
+	switch op {
+	case "add":
 		patch := false
 		for k, v := range expectedRanges {
 			if actualRanges[k] != v {
@@ -211,7 +212,7 @@ func updateSecondaryRanges(cloud gce.GCECloud, op string, e *Subnet) error {
 		if !patch {
 			return nil
 		}
-	} else if op == "remove" {
+	case "remove":
 		patch := false
 		if len(actualRanges) != len(expectedRanges) {
 			patch = true
diff --git a/upup/pkg/fi/cloudup/openstacktasks/lb.go b/upup/pkg/fi/cloudup/openstacktasks/lb.go
index 1e55fbecb3..26c87c2512 100644
--- a/upup/pkg/fi/cloudup/openstacktasks/lb.go
+++ b/upup/pkg/fi/cloudup/openstacktasks/lb.go
@@ -72,11 +72,12 @@ func waitLoadbalancerActiveProvisioningStatus(client *gophercloud.ServiceClient,
 			return false, err
 		}
 		provisioningStatus = loadbalancer.ProvisioningStatus
-		if loadbalancer.ProvisioningStatus == activeStatus {
+		switch loadbalancer.ProvisioningStatus {
+		case activeStatus:
 			return true, nil
-		} else if loadbalancer.ProvisioningStatus == errorStatus {
+		case errorStatus:
 			return true, fmt.Errorf("loadbalancer has gone into ERROR state")
-		} else {
+		default:
 			klog.Infof("Waiting for Loadbalancer to be ACTIVE...")
 			return false, nil
 		}
diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go
index 2c05b3fe63..168efd44c6 100644
--- a/upup/pkg/fi/nodeup/command.go
+++ b/upup/pkg/fi/nodeup/command.go
@@ -241,7 +241,8 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 		return err
 	}
 
-	if bootConfig.CloudProvider == api.CloudProviderAWS {
+	switch bootConfig.CloudProvider {
+	case api.CloudProviderAWS:
 		instanceIDBytes, err := vfs.Context.ReadFile("metadata://aws/meta-data/instance-id")
 		if err != nil {
 			return fmt.Errorf("error reading instance-id from AWS metadata: %v", err)
@@ -276,7 +277,7 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 				modelContext.GPUVendor = architectures.GPUVendorNvidia
 			}
 		}
-	} else if bootConfig.CloudProvider == api.CloudProviderOpenstack {
+	case api.CloudProviderOpenstack:
 		// NvidiaGPU possible to enable only in instance group level in OpenStack. When we assume that GPU is supported
 		if nodeupConfig.NvidiaGPU != nil && fi.ValueOf(nodeupConfig.NvidiaGPU.Enabled) {
 			klog.Info("instance supports GPU acceleration")
diff --git a/upup/pkg/fi/nodeup/nodetasks/file.go b/upup/pkg/fi/nodeup/nodetasks/file.go
index 4d1fcf926b..b17008068a 100644
--- a/upup/pkg/fi/nodeup/nodetasks/file.go
+++ b/upup/pkg/fi/nodeup/nodetasks/file.go
@@ -243,7 +243,8 @@ func (_ *File) RenderLocal(_ *local.LocalTarget, a, e, changes *File) error {
 	}
 
 	changed := false
-	if e.Type == FileType_Symlink {
+	switch e.Type {
+	case FileType_Symlink:
 		if changes.Symlink != nil {
 			// This will currently fail if the target already exists.
 			// That's probably a good thing for now ... it is hard to know what to do here!
@@ -254,7 +255,7 @@ func (_ *File) RenderLocal(_ *local.LocalTarget, a, e, changes *File) error {
 			}
 			changed = true
 		}
-	} else if e.Type == FileType_Directory {
+	case FileType_Directory:
 		if a == nil {
 			parent := filepath.Dir(strings.TrimSuffix(e.Path, "/"))
 			err := os.MkdirAll(parent, dirMode)
@@ -268,7 +269,7 @@ func (_ *File) RenderLocal(_ *local.LocalTarget, a, e, changes *File) error {
 			}
 			changed = true
 		}
-	} else if e.Type == FileType_File {
+	case FileType_File:
 		if changes.Contents != nil {
 			err = fi.WriteFile(e.Path, e.Contents, fileMode, dirMode, fi.ValueOf(e.Owner), fi.ValueOf(e.Group))
 			if err != nil {
@@ -276,7 +277,7 @@ func (_ *File) RenderLocal(_ *local.LocalTarget, a, e, changes *File) error {
 			}
 			changed = true
 		}
-	} else {
+	default:
 		return fmt.Errorf("File type=%q not valid/supported", e.Type)
 	}
 
diff --git a/util/pkg/vfs/s3fs.go b/util/pkg/vfs/s3fs.go
index e486512249..9d5511e2a0 100644
--- a/util/pkg/vfs/s3fs.go
+++ b/util/pkg/vfs/s3fs.go
@@ -696,7 +696,8 @@ func (p *S3Path) RenderTerraform(w *terraformWriter.TerraformWriter, name string
 	}
 
 	// render DO's terraform
-	if p.scheme == "do" {
+	switch p.scheme {
+	case "do":
 
 		content, err := w.AddFileBytes("digitalocean_spaces_bucket_object", name, "content", bytes, false)
 		if err != nil {
@@ -719,7 +720,7 @@ func (p *S3Path) RenderTerraform(w *terraformWriter.TerraformWriter, name string
 		return w.RenderResource("digitalocean_spaces_bucket_object", name, tf)
 
 		// render Scaleway's Terraform objects
-	} else if p.scheme == "scw" {
+	case "scw":
 
 		content, err := w.AddFileBytes("scaleway_object", name, "content", bytes, false)
 		if err != nil {
@@ -733,7 +734,7 @@ func (p *S3Path) RenderTerraform(w *terraformWriter.TerraformWriter, name string
 		}
 		return w.RenderResource("scaleway_object", name, tf)
 
-	} else {
+	default:
 		bucketDetails, err := p.getBucketDetails(ctx)
 		if err != nil {
 			return err