diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index 414943842851e5121a0889f46ff87df5aa7e7d50..f6f5cce63ccd5d6f4250905bb0606709891570fb 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -41,7 +41,7 @@ netchecker_server_memory_requests: 64M
 # Dashboard
 dashboard_enabled: true
 dashboard_image_repo: gcr.io/google_containers/kubernetes-dashboard-amd64
-dashboard_image_tag: v1.8.0
+dashboard_image_tag: v1.8.1
 dashboard_init_image_repo: gcr.io/google_containers/kubernetes-dashboard-init-amd64
 dashboard_init_image_tag: v1.0.1
 
diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
index ed8478dc4608c0e7ee2f3066e2013cde0a0b6e8c..ca6feea1ae684ad5817772461718fbe063aab0d8 100644
--- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
@@ -140,7 +140,7 @@ spec:
       labels:
         k8s-app: kubernetes-dashboard
     spec:
-{% if not dashboard_use_custom_certs %}
+{% if dashboard_use_custom_certs %}
       initContainers:
       - name: kubernetes-dashboard-init
         image: {{ dashboard_init_image_repo }}:{{ dashboard_init_image_tag }}
@@ -163,23 +163,20 @@ spec:
         - containerPort: 8443
           protocol: TCP
         args:
-{% if not dashboard_use_custom_certs %}
-          - --tls-key-file=/certs/{{ dashboard_tls_key_file }}
-          - --tls-cert-file=/certs/{{ dashboard_tls_cert_file }}
+{% if dashboard_use_custom_certs %}
+          - --tls-key-file={{ dashboard_tls_key_file }}
+          - --tls-cert-file={{ dashboard_tls_cert_file }}
           - --authentication-mode=token{% if kube_basic_auth|default(false) %},basic{% endif %}
 {% else %}
           - --auto-generate-certificates
-{% endif %}
 {% endif %}
           # Uncomment the following line to manually specify Kubernetes API server Host
           # If not specified, Dashboard will attempt to auto discover the API server and connect
           # to it. Uncomment only if the default does not work.
           # - --apiserver-host=http://my-address:port
         volumeMounts:
-{% if not dashboard_use_custom_certs %}
         - name: kubernetes-dashboard-certs
           mountPath: /certs
-{% endif %}
           # Create on-disk volume to store exec logs
         - mountPath: /tmp
           name: tmp-volume
@@ -191,11 +188,9 @@ spec:
           initialDelaySeconds: 30
           timeoutSeconds: 30
       volumes:
-{% if not dashboard_use_custom_certs %}
       - name: kubernetes-dashboard-certs
         secret:
-          secretName: kubernetes-dashboard-certs
-{% endif %}
+          secretName: {{ dashboard_certs_secret_name }}
       - name: tmp-volume
         emptyDir: {}
       serviceAccountName: kubernetes-dashboard