diff --git a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml index a39b21149f..ad9b6c0356 100644 --- a/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml +++ b/tests/integration/create_cluster/ha_gce/expected-v1alpha2.yaml @@ -9,8 +9,7 @@ spec: authorization: rbac: {} channel: stable - cloudConfig: - gceServiceAccount: default + cloudConfig: {} cloudProvider: gce configBase: memfs://tests/ha-gce.example.com etcdClusters: diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script index 5a67eb3f94..254d1331c4 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-a-ha-gce-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script index 5d84e58857..604385e43e 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-b-ha-gce-example-com_metadata_startup-script 
@@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script index c8729213c2..4f73b7ed26 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_master-us-test1-c-ha-gce-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true diff --git a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script index 204a29e264..0de300e3ef 100644 --- a/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/ha_gce/data/google_compute_instance_template_nodes-ha-gce-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true diff --git a/tests/integration/update_cluster/ha_gce/kubernetes.tf b/tests/integration/update_cluster/ha_gce/kubernetes.tf index bdbf8075c0..130523b6f9 100644 --- a/tests/integration/update_cluster/ha_gce/kubernetes.tf 
+++ b/tests/integration/update_cluster/ha_gce/kubernetes.tf @@ -564,7 +564,7 @@ resource "google_compute_instance_template" "master-us-test1-a-ha-gce-example-co preemptible = false } service_account { - email = "default" + email = "control-plane-ha-gce-ex-mr702t@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"] } tags = ["ha-gce-example-com-k8s-io-role-master"] @@ -610,7 +610,7 @@ resource "google_compute_instance_template" "master-us-test1-b-ha-gce-example-co preemptible = false } service_account { - email = "default" + email = "control-plane-ha-gce-ex-mr702t@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"] } tags = ["ha-gce-example-com-k8s-io-role-master"] @@ -656,7 +656,7 @@ resource "google_compute_instance_template" "master-us-test1-c-ha-gce-example-co preemptible = false } service_account { - email = "default" + email = "control-plane-ha-gce-ex-mr702t@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"] } tags = ["ha-gce-example-com-k8s-io-role-master"] 
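Review bot: The `service_account` block in the control-plane templates (hunks at 564, 610 and 656; also the node template at 702 and the same templates in minimal_gce and minimal_gce_private) sets `email` to a literal string, so Terraform sees no dependency on the `google_service_account` resources this commit adds further down the same file. Without that edge the instance template may be created before the account exists. Referencing the resource makes the ordering explicit: `email = google_service_account.control-plane.email`, and `google_service_account.node.email` for the node template. These are expected-output fixtures, so the change presumably belongs in whatever renders them. The `scopes` line is untouched, so effective permissions are now the intersection of those scopes and the IAM roles granted to the new accounts; the resource bodies continue outside these hunks.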
@@ -702,7 +702,7 @@ resource "google_compute_instance_template" "nodes-ha-gce-example-com" { preemptible = false } service_account { - email = "default" + email = "node-ha-gce-example-com@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_only"] } tags = ["ha-gce-example-com-k8s-io-role-node"] @@ -720,6 +720,30 @@ resource "google_compute_subnetwork" "us-test1-ha-gce-example-com" { region = "us-test1" } +resource "google_project_iam_binding" "serviceaccount-control-plane" { + member = "serviceAccount:control-plane-ha-gce-ex-mr702t@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/container.serviceAgent" +} + +resource "google_project_iam_binding" "serviceaccount-nodes" { + member = "serviceAccount:node-ha-gce-example-com@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/compute.viewer" +} + +resource "google_service_account" "control-plane" { + account_id = "control-plane-ha-gce-ex-mr702t" + description = "kubernetes control-plane instances" + project = "testproject" +} + +resource "google_service_account" "node" { + account_id = "node-ha-gce-example-com" + description = "kubernetes worker nodes" + project = "testproject" +} + terraform { required_version = ">= 0.15.0" required_providers { diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script index 4b2245974a..2fd0c004bd 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script 
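Review bot: The two `google_project_iam_binding` blocks added after the subnetwork pass a singular `member`, which is the argument of `google_project_iam_member`; the binding resource expects a `members` list and is authoritative for its role, so as a binding it would displace every other principal holding `roles/container.serviceAgent` or `roles/compute.viewer` in `testproject`. If an additive grant is intended, the type should be `resource "google_project_iam_member" "serviceaccount-control-plane" {`, and likewise for `serviceaccount-nodes`; the same blocks appear in the minimal_gce and minimal_gce_private kubernetes.tf hunks. Separately, `roles/container.serviceAgent` is a service-agent role that Google documents as intended for the GKE service agent, and it is granted here at project level, so the control-plane account's reach is not limited to this cluster's resources; a narrower predefined or custom role is worth considering. The `member` strings are also literals rather than `"serviceAccount:${google_service_account.control-plane.email}"`, so the grant has no ordering dependency on the account it names.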
+++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_master-us-test1-a-minimal-gce-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: true manageStorageClasses: true diff --git a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script index 9078465630..f213cd60b7 100644 --- a/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce/data/google_compute_instance_template_nodes-minimal-gce-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: true manageStorageClasses: true diff --git a/tests/integration/update_cluster/minimal_gce/kubernetes.tf b/tests/integration/update_cluster/minimal_gce/kubernetes.tf index abeb6b0c64..0f02adaa43 100644 --- a/tests/integration/update_cluster/minimal_gce/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce/kubernetes.tf 
@@ -460,7 +460,7 @@ resource "google_compute_instance_template" "master-us-test1-a-minimal-gce-examp preemptible = false } service_account { - email = "default" + email = "control-plane-minimal-g-fu1mg6@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"] } tags = ["minimal-gce-example-com-k8s-io-role-master"] @@ -506,7 +506,7 @@ resource "google_compute_instance_template" "nodes-minimal-gce-example-com" { preemptible = false } service_account { - email = "default" + email = "node-minimal-gce-example-com@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_only"] } tags = ["minimal-gce-example-com-k8s-io-role-node"] 
@@ -524,6 +524,30 @@ resource "google_compute_subnetwork" "us-test1-minimal-gce-example-com" { region = "us-test1" } +resource "google_project_iam_binding" "serviceaccount-control-plane" { + member = "serviceAccount:control-plane-minimal-g-fu1mg6@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/container.serviceAgent" +} + +resource "google_project_iam_binding" "serviceaccount-nodes" { + member = "serviceAccount:node-minimal-gce-example-com@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/compute.viewer" +} + +resource "google_service_account" "control-plane" { + account_id = "control-plane-minimal-g-fu1mg6" + description = "kubernetes control-plane instances" + project = "testproject" +} + +resource "google_service_account" "node" { + account_id = "node-minimal-gce-example-com" + description = "kubernetes worker nodes" + project = "testproject" +} + terraform { required_version = ">= 0.15.0" required_providers { diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_startup-script index 690db0a828..9e40926697 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_master-us-test1-a-minimal-gce-private-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true 
diff --git a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_startup-script b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_startup-script index b9ccb5e2aa..60cc72d13a 100644 --- a/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_startup-script +++ b/tests/integration/update_cluster/minimal_gce_private/data/google_compute_instance_template_nodes-minimal-gce-private-example-com_metadata_startup-script @@ -123,7 +123,6 @@ ensure-install-dir cat > conf/cluster_spec.yaml << '__EOF_CLUSTER_SPEC' cloudConfig: - gceServiceAccount: default gcpPDCSIDriver: enabled: false manageStorageClasses: true diff --git a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf index 0d18b8d150..060065e8d3 100644 --- a/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce_private/kubernetes.tf @@ -458,7 +458,7 @@ resource "google_compute_instance_template" "master-us-test1-a-minimal-gce-priva preemptible = false } service_account { - email = "default" + email = "control-plane-minimal-g-sh4okp@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_write", "https://www.googleapis.com/auth/ndev.clouddns.readwrite"] } tags = ["minimal-gce-private-example-com-k8s-io-role-master"] 
@@ -502,7 +502,7 @@ resource "google_compute_instance_template" "nodes-minimal-gce-private-example-c preemptible = false } service_account { - email = "default" + email = "node-minimal-gce-privat-sh4okp@testproject.iam.gserviceaccount.com" scopes = ["https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/monitoring", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/devstorage.read_only"] } tags = ["minimal-gce-private-example-com-k8s-io-role-node"] @@ -537,6 +537,30 @@ resource "google_compute_subnetwork" "us-test1-minimal-gce-private-example-com" region = "us-test1" } +resource "google_project_iam_binding" "serviceaccount-control-plane" { + member = "serviceAccount:control-plane-minimal-g-sh4okp@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/container.serviceAgent" +} + +resource "google_project_iam_binding" "serviceaccount-nodes" { + member = "serviceAccount:node-minimal-gce-privat-sh4okp@testproject.iam.gserviceaccount.com" + project = "testproject" + role = "roles/compute.viewer" +} + +resource "google_service_account" "control-plane" { + account_id = "control-plane-minimal-g-sh4okp" + description = "kubernetes control-plane instances" + project = "testproject" +} + +resource "google_service_account" "node" { + account_id = "node-minimal-gce-privat-sh4okp" + description = "kubernetes worker nodes" + project = "testproject" +} + terraform { required_version = ">= 0.15.0" required_providers {