diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 68a09cef00c3ce8e57564a4dd8d11c11f24231a4..e31809bbdb7b3373d4f4ba7e920829c8f864bbc0 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -26,6 +26,7 @@ force_etcd3: false
 
 # audit support
 kubernetes_audit: false
+# audit_log_path must not be set to "-" with kubeadm as it only handles a logfile named audit.log
 audit_log_path: /var/log/audit/kube-apiserver-audit.log
 # num days
 audit_log_maxage: 30
@@ -39,12 +40,11 @@ audit_policy_file: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.ya
 # audit log hostpath
 audit_log_name: audit-logs
 audit_log_hostpath: /var/log/kubernetes/audit
-audit_log_mountpath: /var/log/audit
-audit_log_writable: true
+audit_log_mountpath: "{{ audit_log_path | dirname }}"
 
 # audit policy hostpath
 audit_policy_name: audit-policy
-audit_policy_hostpath: /etc/kubernetes/audit-policy
+audit_policy_hostpath: "{{ audit_policy_file | dirname }}"
 audit_policy_mountpath: "{{ audit_policy_hostpath }}"
 
 # Limits for kube components
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 2ba7485a1f1e16a9944371d91703e66910212d3c..519c4d65d5ac72c106e2c68b6aa6d58ebe9d26da 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -66,13 +66,15 @@
   changed_when: false
 
 - name: Create audit-policy directory
-  file: path={{ kube_config_dir }}/audit-policy state=directory
+  file:
+    path: "{{ audit_policy_file | dirname }}"
+    state: directory
   when: kubernetes_audit|default(false)
 
 - name: Write api audit policy yaml
   template:
     src: apiserver-audit-policy.yaml.j2
-    dest: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
+    dest: "{{ audit_policy_file }}"
   when: kubernetes_audit|default(false)
 
 - name: gets the kubeadm version
diff --git a/roles/kubernetes/master/tasks/static-pod-setup.yml b/roles/kubernetes/master/tasks/static-pod-setup.yml
index b1fbdc0952c2c9634f0ac09233e7f1ab71a153fe..4b563828917f73331c26e0e3cc6db24f87dc493f 100644
--- a/roles/kubernetes/master/tasks/static-pod-setup.yml
+++ b/roles/kubernetes/master/tasks/static-pod-setup.yml
@@ -1,6 +1,8 @@
 ---
 - name: Create audit-policy directory
-  file: path={{ kube_config_dir }}/audit-policy state=directory
+  file:
+    path: "{{ audit_policy_file | dirname }}"
+    state: directory
   tags:
     - kube-apiserver
   when: kubernetes_audit|default(false)
@@ -8,7 +10,7 @@
 - name: Write api audit policy yaml
   template:
     src: apiserver-audit-policy.yaml.j2
-    dest: "{{ kube_config_dir }}/audit-policy/apiserver-audit-policy.yaml"
+    dest: "{{ audit_policy_file }}"
   notify: Master | Restart apiserver
   tags:
     - kube-apiserver
diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
index 29aac6f87a1d783b5be10b9112f0e234712b0b9e..07ce9145deb245c15a8c02c57f69708be693bb57 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -14,7 +14,7 @@ etcd:
       keyFile: {{ kube_config_dir }}/ssl/etcd/node-{{ inventory_hostname }}-key.pem
 {% if kubernetes_audit %}
 auditPolicy:
-  logDir: {{ audit_log_path }}
+  logDir: {{ audit_log_mountpath }}
   logMaxAge: {{ audit_log_maxage }}
   path: {{ audit_policy_file }}
 {% endif %}
@@ -93,6 +93,9 @@ apiServerExtraVolumes:
 - name: {{ audit_policy_name }}
   hostPath: {{ audit_policy_hostpath }}
   mountPath: {{ audit_policy_mountpath }}
+- name: {{ audit_log_name }}
+  hostPath: {{ audit_log_hostpath }}
+  mountPath: {{ audit_log_mountpath }}
 {% endif %}
 {% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
 controllerManagerExtraVolumes:
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 9cec5ded78731c7c5f5b1c3f65e87214eb1f4761..765b3d1519eec5e3a1497f7f1389b24efe6a0212 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -193,12 +193,13 @@ spec:
       readOnly: true
 {% endif %}
 {% if kubernetes_audit %}
+{% if audit_log_path != "-" %}
     - mountPath: {{ audit_log_mountpath }}
       name: {{ audit_log_name }}
       Writable: true
+{% endif %}
     - mountPath: {{ audit_policy_mountpath }}
       name: {{ audit_policy_name }}
-      Writable: true
 {% endif %}
   volumes:
   - hostPath:
@@ -221,9 +222,11 @@ spec:
     name: rhel-ca-bundle
 {% endif %}
 {% if kubernetes_audit %}
+{% if audit_log_path != "-" %}
   - hostPath:
       path: {{ audit_log_hostpath }}
     name: {{ audit_log_name }}
+{% endif %}
   - hostPath:
       path: {{ audit_policy_hostpath }}
     name: {{ audit_policy_name }}