diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
index ac0465eb3b..b77aebf45e 100644
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@@ -402,8 +402,8 @@ func ValidateMixedArguments(flag *pflag.FlagSet) error {
 
 	mixedInvalidFlags := []string{}
 	flag.Visit(func(f *pflag.Flag) {
-		if f.Name == "config" || f.Name == "ignore-preflight-errors" || strings.HasPrefix(f.Name, "skip-") || f.Name == "dry-run" || f.Name == "kubeconfig" || f.Name == "v" || f.Name == "rootfs" || f.Name == "print-join-command" || f.Name == "node-name" || f.Name == "cri-socket" {
-			// "--skip-*" flags or other whitelisted flags can be set with --config
+		if isAllowedFlag(f.Name) {
+			// "--skip-*" flags or other allowed flags can be set with --config
 			return
 		}
 		mixedInvalidFlags = append(mixedInvalidFlags, f.Name)
@@ -415,6 +415,26 @@ func ValidateMixedArguments(flag *pflag.FlagSet) error {
 	return nil
 }
 
+func isAllowedFlag(flagName string) bool {
+	isAllowed := false
+	switch flagName {
+	case kubeadmcmdoptions.CfgPath,
+		kubeadmcmdoptions.IgnorePreflightErrors,
+		kubeadmcmdoptions.DryRun,
+		kubeadmcmdoptions.KubeconfigPath,
+		kubeadmcmdoptions.NodeName,
+		kubeadmcmdoptions.NodeCRISocket,
+		kubeadmcmdoptions.KubeconfigDir,
+		"print-join-command", "rootfs", "v":
+		isAllowed = true
+	default:
+		if strings.HasPrefix(flagName, "skip-") {
+			isAllowed = true
+		}
+	}
+	return isAllowed
+}
+
 // ValidateFeatureGates validates provided feature gates
 func ValidateFeatureGates(featureGates map[string]bool, fldPath *field.Path) field.ErrorList {
 	allErrs := field.ErrorList{}
diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go
index 070244c641..ac69355eb4 100644
--- a/cmd/kubeadm/app/cmd/init.go
+++ b/cmd/kubeadm/app/cmd/init.go
@@ -243,12 +243,12 @@ func AddInitOtherFlags(flagSet *flag.FlagSet, cfgPath *string, skipTokenPrint, d
 		ignorePreflightErrors, options.IgnorePreflightErrors, *ignorePreflightErrors,
 		"A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.",
 	)
-	// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+	// Note: All flags that are not bound to the cfg object should be allowed in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
 	flagSet.BoolVar(
 		skipTokenPrint, options.SkipTokenPrint, *skipTokenPrint,
 		"Skip printing of the default bootstrap token generated by 'kubeadm init'.",
 	)
-	// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+	// Note: All flags that are not bound to the cfg object should be allowed in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
 	flagSet.BoolVar(
 		dryRun, options.DryRun, *dryRun,
 		"Don't apply any changes; just output what would be done.",
@@ -333,7 +333,7 @@ func newInitData(cmd *cobra.Command, args []string, options *initOptions, out io
 	// Checks if an external CA is provided by the user.
 	externalCA, _ := certsphase.UsingExternalCA(&cfg.ClusterConfiguration)
 	if externalCA {
-		kubeconfigDir := kubeadmconstants.KubernetesDir
+		kubeconfigDir := options.kubeconfigDir
 		if options.dryRun {
 			kubeconfigDir = dryRunDir
 		}