diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
index 73faa288973f49dd0437882822f00950f06bebc5..caceb51287e9df1b2df8944815bfaa6a0aea2b97 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -158,7 +158,7 @@ apiServer:
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}
     mountPath: {{ volume.mountPath }}
-    readOnly: {{ volume.readOnly | d(not volume.writable) }}
+    readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
 {% endfor %}
 {% endif %}
   certSANs:
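Review bot: The inner fallback on the new `readOnly` line negates `volume.writable` without coercing it to a boolean, so a value that arrives as a string (for example `writable: "false"` from an INI inventory or `-e`) is truthy in Jinja and renders `readOnly: False`, which mounts the hostPath writable into the control-plane pod. Whether these vars can reach the template as strings is not visible in this diff, but the cast is cheap: `readOnly: {{ volume.readOnly | d(not (volume.writable | d(false) | bool)) }}`. The identical line in the controllerManager and scheduler hunks needs the same change. A one-line template comment above it, such as `{# neither readOnly nor writable set => volume is mounted read-only #}`, would document the fail-closed default that this commit introduces.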
@@ -201,7 +201,7 @@ controllerManager:
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}
     mountPath: {{ volume.mountPath }}
-    readOnly: {{ volume.readOnly | d(not volume.writable) }}
+    readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
 {% endfor %}
 {% endif %}
 scheduler:
@@ -222,7 +222,7 @@ scheduler:
   - name: {{ volume.name }}
     hostPath: {{ volume.hostPath }}
     mountPath: {{ volume.mountPath }}
-    readOnly: {{ volume.readOnly | d(not volume.writable) }}
+    readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
 {% endfor %}
 {% endif %}
 ---