diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go
index 3351c919511..f97844c365a 100644
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@@ -369,8 +369,8 @@ type HostPathMount struct {
 	HostPath string
 	// MountPath is the path inside the pod where hostPath will be mounted.
 	MountPath string
-	// Writable controls write access to the volume
-	Writable bool
+	// ReadOnly controls write access to the volume
+	ReadOnly bool
 	// PathType is the type of the HostPath.
 	PathType v1.HostPathType
 }
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go
index 4ff1cdebfb7..a70861256b4 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go
@@ -17,8 +17,6 @@ limitations under the License.
 package v1alpha3
 
 import (
-	"unsafe"
-
 	"k8s.io/apimachinery/pkg/conversion"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 )
@@ -85,14 +83,20 @@ func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *C
 	}
 
 	out.APIServer.ExtraArgs = in.APIServerExtraArgs
-	out.APIServer.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
 	out.APIServer.CertSANs = in.APIServerCertSANs
+	if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.APIServerExtraVolumes, &out.APIServer.ExtraVolumes, s); err != nil {
+		return err
+	}
 
 	out.ControllerManager.ExtraArgs = in.ControllerManagerExtraArgs
-	out.ControllerManager.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
+	if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.ControllerManagerExtraVolumes, &out.ControllerManager.ExtraVolumes, s); err != nil {
+		return err
+	}
 
 	out.Scheduler.ExtraArgs = in.SchedulerExtraArgs
-	out.Scheduler.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
+	if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.SchedulerExtraVolumes, &out.Scheduler.ExtraVolumes, s); err != nil {
+		return err
+	}
 
 	return nil
 }
@@ -103,14 +107,66 @@ func Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *k
 	}
 
 	out.APIServerExtraArgs = in.APIServer.ExtraArgs
-	out.APIServerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.APIServer.ExtraVolumes))
 	out.APIServerCertSANs = in.APIServer.CertSANs
+	if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.APIServer.ExtraVolumes, &out.APIServerExtraVolumes, s); err != nil {
+		return err
+	}
 
 	out.ControllerManagerExtraArgs = in.ControllerManager.ExtraArgs
-	out.ControllerManagerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ControllerManager.ExtraVolumes))
+	if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.ControllerManager.ExtraVolumes, &out.ControllerManagerExtraVolumes, s); err != nil {
+		return err
+	}
 
 	out.SchedulerExtraArgs = in.Scheduler.ExtraArgs
-	out.SchedulerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.Scheduler.ExtraVolumes))
+	if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.Scheduler.ExtraVolumes, &out.SchedulerExtraVolumes, s); err != nil {
+		return err
+	}
 
 	return nil
 }
+
+func Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMount, out *kubeadm.HostPathMount, s conversion.Scope) error {
+	if err := autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in, out, s); err != nil {
+		return err
+	}
+
+	out.ReadOnly = !in.Writable
+	return nil
+}
+
+func Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
+	if err := autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in, out, s); err != nil {
+		return err
+	}
+
+	out.Writable = !in.ReadOnly
+	return nil
+}
+
+func convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *[]HostPathMount, out *[]kubeadm.HostPathMount, s conversion.Scope) error {
+	if *in != nil {
+		*out = make([]kubeadm.HostPathMount, len(*in))
+		for i := range *in {
+			if err := Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		*out = nil
+	}
+	return nil
+}
+
+func convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *[]kubeadm.HostPathMount, out *[]HostPathMount, s conversion.Scope) error {
+	if *in != nil {
+		*out = make([]HostPathMount, len(*in))
+		for i := range *in {
+			if err := Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&(*in)[i], &(*out)[i], s); err != nil {
+				return err
+			}
+		}
+	} else {
+		*out = nil
+	}
+	return nil
+}
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go
index 1cc66d9f3bf..2aad6f6ac03 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/zz_generated.conversion.go
@@ -182,6 +182,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*kubeadm.HostPathMount)(nil), (*HostPathMount)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(a.(*kubeadm.HostPathMount), b.(*HostPathMount), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*kubeadm.JoinConfiguration)(nil), (*JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_kubeadm_JoinConfiguration_To_v1alpha3_JoinConfiguration(a.(*kubeadm.JoinConfiguration), b.(*JoinConfiguration), scope)
 	}); err != nil {
@@ -192,6 +197,11 @@ func RegisterConversions(s *runtime.Scheme) error {
 	}); err != nil {
 		return err
 	}
+	if err := s.AddConversionFunc((*HostPathMount)(nil), (*kubeadm.HostPathMount)(nil), func(a, b interface{}, scope conversion.Scope) error {
+		return Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(a.(*HostPathMount), b.(*kubeadm.HostPathMount), scope)
+	}); err != nil {
+		return err
+	}
 	if err := s.AddConversionFunc((*JoinConfiguration)(nil), (*kubeadm.JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
 		return Convert_v1alpha3_JoinConfiguration_To_kubeadm_JoinConfiguration(a.(*JoinConfiguration), b.(*kubeadm.JoinConfiguration), scope)
 	}); err != nil {
@@ -422,30 +432,20 @@ func autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMou
 	out.Name = in.Name
 	out.HostPath = in.HostPath
 	out.MountPath = in.MountPath
-	out.Writable = in.Writable
+	// WARNING: in.Writable requires manual conversion: does not exist in peer-type
 	out.PathType = corev1.HostPathType(in.PathType)
 	return nil
 }
 
-// Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount is an autogenerated conversion function.
-func Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMount, out *kubeadm.HostPathMount, s conversion.Scope) error {
-	return autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in, out, s)
-}
-
 func autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
 	out.Name = in.Name
 	out.HostPath = in.HostPath
 	out.MountPath = in.MountPath
-	out.Writable = in.Writable
+	// WARNING: in.ReadOnly requires manual conversion: does not exist in peer-type
 	out.PathType = corev1.HostPathType(in.PathType)
 	return nil
 }
 
-// Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount is an autogenerated conversion function.
-func Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
-	return autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in, out, s)
-}
-
 func autoConvert_v1alpha3_InitConfiguration_To_kubeadm_InitConfiguration(in *InitConfiguration, out *kubeadm.InitConfiguration, s conversion.Scope) error {
 	if err := Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(&in.ClusterConfiguration, &out.ClusterConfiguration, s); err != nil {
 		return err
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go
index ebba802fbd9..a1fe2f351a2 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/doc.go
@@ -207,7 +207,7 @@ limitations under the License.
 //	  - name: "some-volume"
 //	    hostPath: "/etc/some-path"
 //	    mountPath: "/etc/some-pod-path"
-//	    writable: true
+//	    readOnly: false
 //	    pathType: File
 //	  certSANs:
 //	  - "10.100.1.1"
@@ -219,7 +219,7 @@ limitations under the License.
 //	  - name: "some-volume"
 //	    hostPath: "/etc/some-path"
 //	    mountPath: "/etc/some-pod-path"
-//	    writable: true
+//	    readOnly: false
 //	    pathType: File
 //	scheduler:
 //	  extraArgs:
@@ -228,7 +228,7 @@ limitations under the License.
 //	  - name: "some-volume"
 //	    hostPath: "/etc/some-path"
 //	    mountPath: "/etc/some-pod-path"
-//	    writable: true
+//	    readOnly: false
 //	    pathType: File
 //	certificatesDir: "/etc/kubernetes/pki"
 //	imageRepository: "k8s.gcr.io"
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go
index 9378243e0a5..5ac764c3e44 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/types.go
@@ -336,8 +336,8 @@ type HostPathMount struct {
 	HostPath string `json:"hostPath"`
 	// MountPath is the path inside the pod where hostPath will be mounted.
 	MountPath string `json:"mountPath"`
-	// Writable controls write access to the volume
-	Writable bool `json:"writable,omitempty"`
+	// ReadOnly controls write access to the volume
+	ReadOnly bool `json:"readOnly,omitempty"`
 	// PathType is the type of the HostPath.
 	PathType v1.HostPathType `json:"pathType,omitempty"`
 }
diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go b/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go
index fda28f950d3..36b11a3ed94 100644
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go
@@ -590,7 +590,7 @@ func autoConvert_v1beta1_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMoun
 	out.Name = in.Name
 	out.HostPath = in.HostPath
 	out.MountPath = in.MountPath
-	out.Writable = in.Writable
+	out.ReadOnly = in.ReadOnly
 	out.PathType = corev1.HostPathType(in.PathType)
 	return nil
 }
@@ -604,7 +604,7 @@ func autoConvert_kubeadm_HostPathMount_To_v1beta1_HostPathMount(in *kubeadm.Host
 	out.Name = in.Name
 	out.HostPath = in.HostPath
 	out.MountPath = in.MountPath
-	out.Writable = in.Writable
+	out.ReadOnly = in.ReadOnly
 	out.PathType = corev1.HostPathType(in.PathType)
 	return nil
 }
diff --git a/cmd/kubeadm/app/phases/controlplane/volumes.go b/cmd/kubeadm/app/phases/controlplane/volumes.go
index ea96a971f0b..8ca3b9b8b04 100644
--- a/cmd/kubeadm/app/phases/controlplane/volumes.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes.go
@@ -151,7 +151,7 @@ func (c *controlPlaneHostPathMounts) AddExtraHostPathMounts(component string, ex
 	for _, extraVol := range extraVols {
 		fmt.Printf("[controlplane] Adding extra host path mount %q to %q\n", extraVol.Name, component)
 		hostPathType := extraVol.PathType
-		c.NewHostPathMount(component, extraVol.Name, extraVol.HostPath, extraVol.MountPath, !extraVol.Writable, &hostPathType)
+		c.NewHostPathMount(component, extraVol.Name, extraVol.HostPath, extraVol.MountPath, extraVol.ReadOnly, &hostPathType)
 	}
 }
 
diff --git a/cmd/kubeadm/app/phases/controlplane/volumes_test.go b/cmd/kubeadm/app/phases/controlplane/volumes_test.go
index 2f3b7649dd9..8d3dba07c11 100644
--- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go
@@ -621,28 +621,28 @@ func TestAddExtraHostPathMounts(t *testing.T) {
 			Name:      "foo-0",
 			HostPath:  "/tmp/qux-0",
 			MountPath: "/tmp/qux-0",
-			Writable:  false,
+			ReadOnly:  true,
 			PathType:  v1.HostPathFile,
 		},
 		{
 			Name:      "bar-0",
 			HostPath:  "/tmp/asd-0",
 			MountPath: "/tmp/asd-0",
-			Writable:  true,
+			ReadOnly:  false,
 			PathType:  v1.HostPathDirectory,
 		},
 		{
 			Name:      "foo-1",
 			HostPath:  "/tmp/qux-1",
 			MountPath: "/tmp/qux-1",
-			Writable:  false,
+			ReadOnly:  true,
 			PathType:  v1.HostPathFileOrCreate,
 		},
 		{
 			Name:      "bar-1",
 			HostPath:  "/tmp/asd-1",
 			MountPath: "/tmp/asd-1",
-			Writable:  true,
+			ReadOnly:  false,
 			PathType:  v1.HostPathDirectoryOrCreate,
 		},
 	}
@@ -672,8 +672,8 @@ func TestAddExtraHostPathMounts(t *testing.T) {
 		if volMount.MountPath != hostMount.MountPath {
 			t.Errorf("Expected container path %q", hostMount.MountPath)
 		}
-		if volMount.ReadOnly != !hostMount.Writable {
-			t.Errorf("Expected volume writable setting %t", hostMount.Writable)
+		if volMount.ReadOnly != hostMount.ReadOnly {
+			t.Errorf("Expected volume readOnly setting %t", hostMount.ReadOnly)
 		}
 	}
 }
diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
index d1938ed2ec7..0e876504fa1 100644
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/internal.yaml
@@ -5,7 +5,17 @@ APIServer:
   CertSANs: null
   ExtraArgs:
     authorization-mode: Node,RBAC,Webhook
-  ExtraVolumes: null
+  ExtraVolumes:
+  - HostPath: /host/read-only
+    MountPath: /mount/read-only
+    Name: ReadOnlyVolume
+    PathType: ""
+    ReadOnly: true
+  - HostPath: /host/writable
+    MountPath: /mount/writable
+    Name: WritableVolume
+    PathType: ""
+    ReadOnly: false
 AuditPolicyConfiguration:
   LogDir: /var/log/kubernetes/audit
   LogMaxAge: 2
diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml
index 4c9aadbd336..9a47c24bd95 100644
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1alpha3.yaml
@@ -20,6 +20,14 @@ nodeRegistration:
 ---
 apiServerExtraArgs:
   authorization-mode: Node,RBAC,Webhook
+apiServerExtraVolumes:
+- hostPath: /host/read-only
+  mountPath: /mount/read-only
+  name: ReadOnlyVolume
+- hostPath: /host/writable
+  mountPath: /mount/writable
+  name: WritableVolume
+  writable: true
 apiVersion: kubeadm.k8s.io/v1alpha3
 auditPolicy:
   logDir: /var/log/kubernetes/audit
diff --git a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml
index 8d2fa38d448..98be69edb87 100644
--- a/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml
+++ b/cmd/kubeadm/app/util/config/testdata/conversion/master/v1beta1.yaml
@@ -21,6 +21,14 @@ nodeRegistration:
 apiServer:
   extraArgs:
     authorization-mode: Node,RBAC,Webhook
+  extraVolumes:
+  - hostPath: /host/read-only
+    mountPath: /mount/read-only
+    name: ReadOnlyVolume
+    readOnly: true
+  - hostPath: /host/writable
+    mountPath: /mount/writable
+    name: WritableVolume
 apiVersion: kubeadm.k8s.io/v1beta1
 auditPolicy:
   logDir: /var/log/kubernetes/audit