diff --git a/build/lib/release.sh b/build/lib/release.sh
index dc1a1f0d9cb..dc91a62bfe3 100644
--- a/build/lib/release.sh
+++ b/build/lib/release.sh
@@ -389,6 +389,7 @@ function kube::release::package_kube_manifests_tarball() {
 cp "${src_dir}/glbc.manifest" "${dst_dir}"
 cp "${src_dir}/rescheduler.manifest" "${dst_dir}/"
 cp "${src_dir}/e2e-image-puller.manifest" "${dst_dir}/"
+ cp "${src_dir}/etcd-empty-dir-cleanup.yaml" "${dst_dir}/"
 cp "${KUBE_ROOT}/cluster/gce/gci/configure-helper.sh" "${dst_dir}/gci-configure-helper.sh"
 cp "${KUBE_ROOT}/cluster/gce/gci/health-monitor.sh" "${dst_dir}/health-monitor.sh"
 local objects
diff --git a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-binding.yaml b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-binding.yaml
deleted file mode 100644
index 77003f69c5f..00000000000
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
- namespace: kube-system
- labels:
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/cluster-service: "true"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
-subjects:
-- kind: ServiceAccount
- name: etcd-empty-dir-cleanup
- namespace: kube-system
diff --git a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-role.yaml b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-role.yaml
deleted file mode 100644
index 0f57b204d38..00000000000
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp-role.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: gce:podsecuritypolicy:etcd-empty-dir-cleanup
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
-rules:
-- apiGroups:
- - policy
- resourceNames:
- - gce.etcd-empty-dir-cleanup
- resources:
- - podsecuritypolicies
- verbs:
- - use
diff --git a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp.yaml b/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp.yaml
deleted file mode 100644
index c0b315d5868..00000000000
--- a/cluster/addons/etcd-empty-dir-cleanup/podsecuritypolicies/etcd-empty-dir-cleanup-psp.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: gce.etcd-empty-dir-cleanup
- annotations:
- kubernetes.io/description: 'Policy used by the etcd-empty-dir-cleanup addon.'
- # TODO: etcd-empty-dir-cleanup should run with the default seccomp profile
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
- # 'runtime/default' is already the default, but must be filled in on the
- # pod to pass admission.
- apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
- apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
- labels:
- kubernetes.io/cluster-service: 'true'
- addonmanager.kubernetes.io/mode: Reconcile
-spec:
- privileged: false
- volumes:
- - 'secret'
- hostNetwork: true
- hostIPC: false
- hostPID: false
- runAsUser:
- rule: 'RunAsAny'
- seLinux:
- rule: 'RunAsAny'
- supplementalGroups:
- rule: 'RunAsAny'
- fsGroup:
- rule: 'RunAsAny'
- readOnlyRootFilesystem: false
diff --git a/cluster/gce/gci/BUILD b/cluster/gce/gci/BUILD
index a9c43c2108e..0a16226b9b6 100644
--- a/cluster/gce/gci/BUILD
+++ b/cluster/gce/gci/BUILD
@@ -10,7 +10,7 @@ go_test(
 ],
 data = [
 ":scripts-test-data",
- "//cluster/gce/manifests:manifests-test-data",
+ "//cluster/gce/manifests",
 ],
 deps = [
 "//pkg/api/legacyscheme:go_default_library",
diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh
index c007c0434a8..ad12bc637f1 100644
--- a/cluster/gce/gci/configure-helper.sh
+++ b/cluster/gce/gci/configure-helper.sh
@@ -1323,7 +1323,8 @@ function prepare-etcd-manifest {
 }
 function start-etcd-empty-dir-cleanup-pod {
- cp "${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml" "/etc/kubernetes/manifests"
+ local -r src_file="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty/etcd-empty-dir-cleanup.yaml"
+ cp "${src_file}" "/etc/kubernetes/manifests"
 }
 # Starts etcd server pod (and etcd-events pod if needed).
diff --git a/cluster/gce/manifests/BUILD b/cluster/gce/manifests/BUILD
index 2f352fcaec7..d3cfddf1d23 100644
--- a/cluster/gce/manifests/BUILD
+++ b/cluster/gce/manifests/BUILD
@@ -5,30 +5,18 @@ load("@io_kubernetes_build//defs:pkg.bzl", "pkg_tar")
 pkg_tar(
 name = "gce-master-manifests",
- srcs = [
- "abac-authz-policy.jsonl",
- "cluster-autoscaler.manifest",
- "e2e-image-puller.manifest",
- "etcd.manifest",
- "glbc.manifest",
- "kms-plugin-container.manifest",
- "kube-addon-manager.yaml",
- "kube-apiserver.manifest",
- "kube-controller-manager.manifest",
- "kube-proxy.manifest",
- "kube-scheduler.manifest",
- "rescheduler.manifest",
- ],
+ srcs = [":manifests"],
 mode = "0644",
 )
 filegroup(
- name = "manifests-test-data",
+ name = "manifests",
 srcs = [
 "abac-authz-policy.jsonl",
 "cluster-autoscaler.manifest",
 "e2e-image-puller.manifest",
 "etcd.manifest",
+ "etcd-empty-dir-cleanup.yaml",
 "glbc.manifest",
 "kms-plugin-container.manifest",
 "kube-addon-manager.yaml",
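Review bot: `start-etcd-empty-dir-cleanup-pod` carries no comment explaining that the file it copies into `/etc/kubernetes/manifests` is now a plain Pod manifest without a ServiceAccount, presumably run by the kubelet as a static pod rather than through the addon manager. That matters for review because this commit also deletes the pod's dedicated PodSecurityPolicy (`privileged: false`, `hostPID: false`, volumes limited to `secret`) together with its Role and RoleBinding, while the manifest keeps `hostNetwork: true`; which policy, if any, now constrains the pod is not visible here. I would add above the function `# Installs the etcd-empty-dir-cleanup manifest for the kubelet; the pod has no ServiceAccount or dedicated PodSecurityPolicy.` and confirm that the container spec itself states the restrictions the deleted policy used to enforce. The function is entirely inside the hunk.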
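Review bot: With `srcs = [":manifests"]` the `gce-master-manifests` tarball now ships whatever the `manifests` filegroup contains, and that same filegroup is what the gci `go_test` consumes as `data`, so a file added only as a test fixture would silently become part of the master payload. A short comment on the filegroup would make the dual role explicit, for example `# Packaged verbatim into gce-master-manifests; list only files meant to ship on the master.` The manifest list is also still enumerated by hand in `build/lib/release.sh`, so the two lists have to be kept in step. The filegroup's `srcs` list continues past the end of the hunk.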
diff --git a/cluster/addons/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml b/cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
similarity index 57%
rename from cluster/addons/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml
rename to cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
index fd5b0ecfcd3..7e1971634ff 100644
--- a/cluster/addons/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml
+++ b/cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
@@ -1,14 +1,4 @@
 apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: etcd-empty-dir-cleanup
- namespace: kube-system
- labels:
- k8s-app: etcd-empty-dir-cleanup
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
----
-apiVersion: v1
 kind: Pod
 metadata:
 name: etcd-empty-dir-cleanup
@@ -19,7 +9,6 @@ metadata:
 k8s-app: etcd-empty-dir-cleanup
 spec:
 priorityClassName: system-node-critical
- serviceAccountName: etcd-empty-dir-cleanup
 hostNetwork: true
 dnsPolicy: Default
 containers: