diff --git a/docs/operations/hardening.md b/docs/operations/hardening.md
index 3aba0dc37..a6c4984a3 100644
--- a/docs/operations/hardening.md
+++ b/docs/operations/hardening.md
@@ -96,6 +96,8 @@ kubelet_make_iptables_util_chains: true
 kubelet_feature_gates: ["RotateKubeletServerCertificate=true"]
 kubelet_seccomp_default: true
 kubelet_systemd_hardening: true
+# To disable kubelet's staticPodPath (for nodes that don't use static pods like worker nodes)
+kubelet_static_pod_path: ""
 # In case you have multiple interfaces in your
 # control plane nodes and you want to specify the right
 # IP addresses, kubelet_secure_addresses allows you
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 5af9c0bb4..59e643568 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -188,6 +188,8 @@ conntrack_modules:
 - nf_conntrack
 - nf_conntrack_ipv4
+# Set this option to "" (empty) to disable staticPodPath (See docs/operations/hardening.md)
+kubelet_static_pod_path: "{{ kube_manifest_dir }}"
 ## Enable distributed tracing for kubelet
 kubelet_tracing: false
diff --git a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2 b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
index 6035611c8..8ad76b552 100644
--- a/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/node/templates/kubelet-config.v1beta1.yaml.j2
@@ -22,7 +22,7 @@ enforceNodeAllocatable:
 - {{ item }}
 {% endfor %}
 {% endif %}
-staticPodPath: {{ kube_manifest_dir }}
+staticPodPath: "{{ kubelet_static_pod_path }}"
 cgroupDriver: {{ kubelet_cgroup_driver | default('systemd') }}
 containerLogMaxFiles: {{ kubelet_logfiles_max_nr }}
 containerLogMaxSize: {{ kubelet_logfiles_max_size }}
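Review bot: Nothing stops `kubelet_static_pod_path: ""` from being applied to a control plane node: the new default in `roles/kubernetes/node/defaults/main.yml` is a single role-wide variable, and the `staticPodPath: "{{ kubelet_static_pod_path }}"` line in `kubelet-config.v1beta1.yaml.j2` renders whatever it holds with no per-node guard, so an operator who sets the override in group_vars for all hosts (the hardening doc only says "for nodes that don't use static pods like worker nodes") would leave `kube_manifest_dir` unread by those kubelets after the next restart. If, as the previous default suggests, the control plane components on those nodes run as static pods out of `kube_manifest_dir`, that is a silent outage rather than a hardening gain; this is inferred from the variable name and not visible in the hunks. I would add an assertion in the role's check tasks (outside this diff) that fails when the value is empty and the host is in the control plane group, and tighten the defaults comment to `# Set to "" (empty) to disable staticPodPath on worker nodes only; control plane nodes need it for their static pod manifests (see docs/operations/hardening.md)`. Quoting the rendered value is right, since an unquoted empty expansion would produce a YAML null rather than the empty string the kubelet expects.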