diff --git a/src/index.js b/src/index.js
index 491ee4b..314f161 100644
--- a/src/index.js
+++ b/src/index.js
@@ -341,8 +341,9 @@ module.exports = (config = {}) => {
         client[name] = (args = {}) => {
             const options = { ...config.requestOptions, ...args.requestOptions };
             options.method = conf.method;
-            // replace args in path.
-            options.path = mustache.render(conf.path, args);
+            // replace args in path. kubernetesPath lives on the client (not in
+            // args), so inject it into the template context; args still win.
+            options.path = mustache.render(conf.path, { kubernetesPath: client.kubernetesPath, ...args });
             // no schema object -> no validation
             if (!conf.schema) {
                 if (options.method === 'POST' || options.method === 'PUT') {
diff --git a/test/unit.js b/test/unit.js
index 8ba39df..67906db 100644
--- a/test/unit.js
+++ b/test/unit.js
@@ -143,6 +143,72 @@ describe('node-vault', () => {
                 })
                 .catch(done);
         });
+
+        it('should default the kubernetes mount point in kubernetesLogin path', (done) => {
+            const request = sinon.stub();
+            const response = sinon.stub();
+            response.statusCode = 200;
+            response.body = { auth: { client_token: 'test-token' } };
+            request.returns({
+                then(fn) {
+                    return fn(response);
+                },
+                catch(fn) {
+                    return fn();
+                },
+            });
+
+            const vault = index({
+                endpoint: 'http://localhost:8200',
+                token: '123',
+                'request-promise': {
+                    defaults: () => request,
+                },
+            });
+
+            vault.kubernetesLogin({ role: 'my-role', jwt: 'my-jwt' })
+                .then(() => {
+                    request.should.have.calledOnce();
+                    const uri = request.firstCall.args[0].uri;
+                    uri.should.equal('http://localhost:8200/v1/auth/kubernetes/login');
+                    uri.should.not.contain('/auth//login');
+                    done();
+                })
+                .catch(done);
+        });
+
+        it('should use a custom kubernetesPath in kubernetesLogin path', (done) => {
+            const request = sinon.stub();
+            const response = sinon.stub();
+            response.statusCode = 200;
+            response.body = { auth: { client_token: 'test-token' } };
+            request.returns({
+                then(fn) {
+                    return fn(response);
+                },
+                catch(fn) {
+                    return fn();
+                },
+            });
+
+            const vault = index({
+                endpoint: 'http://localhost:8200',
+                token: '123',
+                kubernetesPath: 'k8s-prod',
+                'request-promise': {
+                    defaults: () => request,
+                },
+            });
+
+            vault.kubernetesLogin({ role: 'my-role', jwt: 'my-jwt' })
+                .then(() => {
+                    request.should.have.calledOnce();
+                    const uri = request.firstCall.args[0].uri;
+                    uri.should.equal('http://localhost:8200/v1/auth/k8s-prod/login');
+                    done();
+                })
+                .catch(done);
+        });
     });
 
     describe('client', () => {