diff --git a/ci/prow/cluster.yaml b/ci/prow/cluster.yaml
index 341d844c620..80272c00bf3 100644
--- a/ci/prow/cluster.yaml
+++ b/ci/prow/cluster.yaml
@@ -83,6 +83,7 @@ spec:
       labels:
         app: hook
     spec:
+      serviceAccountName: "hook"
       terminationGracePeriodSeconds: 180
       containers:
       - name: hook
@@ -144,6 +145,7 @@ spec:
       labels:
         app: plank
     spec:
+      serviceAccountName: "plank"
       containers:
       - name: plank
         image: gcr.io/k8s-prow/plank:v20180709-7109caeb1
@@ -178,6 +180,7 @@ spec:
       labels:
         app: sinker
     spec:
+      serviceAccountName: "sinker"
       containers:
       - name: sinker
         image: gcr.io/k8s-prow/sinker:v20180709-7109caeb1
@@ -208,6 +211,7 @@ spec:
       labels:
         app: deck
     spec:
+      serviceAccountName: "deck"
       terminationGracePeriodSeconds: 30
       containers:
       - name: deck
@@ -252,6 +256,7 @@ spec:
       labels:
         app: horologium
     spec:
+      serviceAccountName: "horologium"
       terminationGracePeriodSeconds: 30
       containers:
       - name: horologium
@@ -337,6 +342,7 @@ spec:
       labels:
         app: tot
     spec:
+      serviceAccountName: "tot"
       terminationGracePeriodSeconds: 30
       containers:
       - name: tot
@@ -396,6 +402,7 @@ spec:
       labels:
         app: tide
     spec:
+      serviceAccountName: "tide"
       containers:
       - name: tide
         image: gcr.io/k8s-prow/tide:v20180625-90124aa3f
diff --git a/ci/prow/config_start.yaml b/ci/prow/config_start.yaml
index 09536f0fe9d..05c39414c7c 100644
--- a/ci/prow/config_start.yaml
+++ b/ci/prow/config_start.yaml
@@ -14,6 +14,8 @@
 
 # Initial configuration of prow cluster
 
+# Configs
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -28,6 +30,9 @@ metadata:
 data:
   config: ""
 ---
+
+# Namespaces
+
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -37,3 +42,294 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: test-pods
+---
+
+# Service accounts, roles and bindings
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "default"
+  namespace: test-pods
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "default"
+  namespace: test-pods
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "test-pods-default"
+subjects:
+- kind: ServiceAccount
+  name: "default"
+  namespace: test-pods
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "test-pods-default"
+  namespace: test-pods
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "deck"
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "deck"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "deck"
+subjects:
+- kind: ServiceAccount
+  name: "deck"
+  namespace: default
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "deck"
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods/log
+    verbs:
+      - get
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - get
+      - list
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "horologium"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "horologium"
+rules:
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - create
+      - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "horologium"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "horologium"
+subjects:
+- kind: ServiceAccount
+  name: "horologium"
+  namespace: default
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "plank"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "plank"
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - create
+      - delete
+      - list
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - create
+      - list
+      - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "plank"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "plank"
+subjects:
+- kind: ServiceAccount
+  name: "plank"
+  namespace: default
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: "sinker"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "sinker"
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - delete
+      - list
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - delete
+      - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "sinker"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "sinker"
+subjects:
+- kind: ServiceAccount
+  name: "sinker"
+  namespace: default
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "hook"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "hook"
+rules:
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - create
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "hook"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "hook"
+subjects:
+- kind: ServiceAccount
+  name: "hook"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "tide"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "tide"
+rules:
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "tide"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "tide"
+subjects:
+- kind: ServiceAccount
+  name: "tide"
+  namespace: default
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "tot"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "tot"
+rules:
+  - apiGroups:
+      - "prow.k8s.io"
+    resources:
+      - prowjobs
+    verbs:
+      - create
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - update
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: "tot"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: "tot"
+subjects:
+- kind: ServiceAccount
+  name: "tot"
diff --git a/images/prow-tests/scripts/library.sh b/images/prow-tests/scripts/library.sh
index f1d1aeb5f46..06c9e975c88 100755
--- a/images/prow-tests/scripts/library.sh
+++ b/images/prow-tests/scripts/library.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Copyright 2018 The Knative Authors
-#
+# x
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh
new file mode 100755
index 00000000000..7798fe58d45
--- /dev/null
+++ b/test/e2e-tests.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# Copyright 2018 The Knative Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script runs the end-to-end tests.
+
+# If you already have a Knative cluster setup and kubectl pointing
+# to it, call this script with the --run-tests arguments and it will use
+# the cluster and run the tests.
+
+# Calling this script without arguments will create a new cluster in
+# project $PROJECT_ID, run the tests and delete the cluster.
+
+# Load github.com/knative/test-infra/images/prow-tests/scripts/e2e-tests.sh
+[ -f /workspace/e2e-tests.sh ] \
+  && source /workspace/e2e-tests.sh \
+  || eval "$(docker run --entrypoint sh gcr.io/knative-tests/test-infra/prow-tests -c 'cat e2e-tests.sh')"
+[ -v KNATIVE_TEST_INFRA ] || exit 1
+
+# Script entry point.
+
+initialize $@
+
+# Install Knative Serving if not using an existing cluster
+if (( ! USING_EXISTING_CLUSTER )); then
+  start_latest_knative_serving || fail_test
+fi
+
+# TODO(#30): Add tests.
+header "TODO(#30): Write integration tests"
+
+success
diff --git a/test/presubmit-tests.sh b/test/presubmit-tests.sh
index e3a9e182a4d..da11ab7bbdd 100755
--- a/test/presubmit-tests.sh
+++ b/test/presubmit-tests.sh
@@ -37,7 +37,7 @@ function unit_tests() {
 }
 
 function integration_tests() {
-  header "TODO(#8): Running integration tests"
+  ./test/e2e-tests.sh
 }
 
 main $@