diff --git a/pkg/healthcheck/healthcheck.go b/pkg/healthcheck/healthcheck.go
index 1caee99c34f20..e91fee7815184 100644
--- a/pkg/healthcheck/healthcheck.go
+++ b/pkg/healthcheck/healthcheck.go
@@ -192,7 +192,6 @@ var ExpectedServiceAccountNames = []string{
 	"linkerd-destination",
 	"linkerd-grafana",
 	"linkerd-identity",
-	"linkerd-prometheus",
 	"linkerd-proxy-injector",
 	"linkerd-sp-validator",
 	"linkerd-web",
@@ -1764,7 +1763,6 @@ func (hc *HealthChecker) expectedRBACNames() []string {
 	return []string{
 		fmt.Sprintf("linkerd-%s-controller", hc.ControlPlaneNamespace),
 		fmt.Sprintf("linkerd-%s-identity", hc.ControlPlaneNamespace),
-		fmt.Sprintf("linkerd-%s-prometheus", hc.ControlPlaneNamespace),
 		fmt.Sprintf("linkerd-%s-proxy-injector", hc.ControlPlaneNamespace),
 		fmt.Sprintf("linkerd-%s-sp-validator", hc.ControlPlaneNamespace),
 		fmt.Sprintf("linkerd-%s-tap", hc.ControlPlaneNamespace),
diff --git a/pkg/healthcheck/healthcheck_test.go b/pkg/healthcheck/healthcheck_test.go
index a19d9141bd0bd..ee5db97b2c928 100644
--- a/pkg/healthcheck/healthcheck_test.go
+++ b/pkg/healthcheck/healthcheck_test.go
@@ -423,7 +423,7 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: extension-apiserver-authentication 
+ name: extension-apiserver-authentication
  namespace: kube-system
 data:
   %s : 'bar'
@@ -570,7 +570,7 @@ metadata:
 			},
 			[]string{
 				"linkerd-config control plane Namespace exists",
-				"linkerd-config control plane ClusterRoles exist: missing ClusterRoles: linkerd-test-ns-controller, linkerd-test-ns-identity, linkerd-test-ns-prometheus, linkerd-test-ns-proxy-injector, linkerd-test-ns-sp-validator, linkerd-test-ns-tap",
+				"linkerd-config control plane ClusterRoles exist: missing ClusterRoles: linkerd-test-ns-controller, linkerd-test-ns-identity, linkerd-test-ns-proxy-injector, linkerd-test-ns-sp-validator, linkerd-test-ns-tap",
 			},
 		},
 		{
@@ -599,14 +599,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -632,7 +624,7 @@ metadata:
 			[]string{
 				"linkerd-config control plane Namespace exists",
 				"linkerd-config control plane ClusterRoles exist",
-				"linkerd-config control plane ClusterRoleBindings exist: missing ClusterRoleBindings: linkerd-test-ns-controller, linkerd-test-ns-identity, linkerd-test-ns-prometheus, linkerd-test-ns-proxy-injector, linkerd-test-ns-sp-validator, linkerd-test-ns-tap",
+				"linkerd-config control plane ClusterRoleBindings exist: missing ClusterRoleBindings: linkerd-test-ns-controller, linkerd-test-ns-identity, linkerd-test-ns-proxy-injector, linkerd-test-ns-sp-validator, linkerd-test-ns-tap",
 			},
 		},
 		{
@@ -661,14 +653,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -709,14 +693,6 @@ metadata:
 				`
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -768,15 +744,6 @@ metadata:
 				`
 kind: ServiceAccount
 apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: test-ns
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ServiceAccount
-apiVersion: v1
 metadata:
   name: linkerd-proxy-injector
   namespace: test-ns
@@ -872,14 +839,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -920,14 +879,6 @@ metadata:
 				`
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -979,15 +930,6 @@ metadata:
 				`
 kind: ServiceAccount
 apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: test-ns
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ServiceAccount
-apiVersion: v1
 metadata:
   name: linkerd-proxy-injector
   namespace: test-ns
@@ -1092,14 +1034,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1140,14 +1074,6 @@ metadata:
 				`
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1199,15 +1125,6 @@ metadata:
 				`
 kind: ServiceAccount
 apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: test-ns
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ServiceAccount
-apiVersion: v1
 metadata:
   name: linkerd-proxy-injector
   namespace: test-ns
@@ -1321,14 +1238,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1369,14 +1278,6 @@ metadata:
 				`
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1428,15 +1329,6 @@ metadata:
 				`
 kind: ServiceAccount
 apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: test-ns
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ServiceAccount
-apiVersion: v1
 metadata:
   name: linkerd-proxy-injector
   namespace: test-ns
@@ -1559,14 +1451,6 @@ metadata:
 				`
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1607,14 +1491,6 @@ metadata:
 				`
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: linkerd-test-ns-prometheus
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: linkerd-test-ns-proxy-injector
   labels:
@@ -1666,15 +1542,6 @@ metadata:
 				`
 kind: ServiceAccount
 apiVersion: v1
-metadata:
-  name: linkerd-prometheus
-  namespace: test-ns
-  labels:
-    linkerd.io/control-plane-ns: test-ns
-`,
-				`
-kind: ServiceAccount
-apiVersion: v1
 metadata:
   name: linkerd-proxy-injector
   namespace: test-ns
diff --git a/test/serviceaccounts/serviceaccounts_test.go b/test/serviceaccounts/serviceaccounts_test.go
index 730cafdd403bb..ea296c0845078 100644
--- a/test/serviceaccounts/serviceaccounts_test.go
+++ b/test/serviceaccounts/serviceaccounts_test.go
@@ -16,14 +16,13 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
+// namesMatch checks if all the expectedServiceAccountNames are present in the given list,
+// The passed argument list is allowed to contain extra members.
 func namesMatch(names []string) bool {
-	for _, name := range names {
-		if name == "default" || name == "linkerd-heartbeat" {
-			continue
-		}
+	for _, expectedname := range healthcheck.ExpectedServiceAccountNames {
 		found := false
-		for _, expectedName := range healthcheck.ExpectedServiceAccountNames {
-			if name == expectedName {
+		for _, name := range names {
+			if expectedname == name {
 				found = true
 				break
 			}
@@ -53,7 +52,7 @@ func TestServiceAccountsMatch(t *testing.T) {
 		saNames = append(saNames, strings.TrimPrefix(name, "serviceaccount/"))
 	}
 	// disregard `default` and `linkerd-heartbeat`
-	if len(saNames)-2 != len(expectedNames) || !namesMatch(saNames) {
+	if len(saNames) < len(expectedNames) || !namesMatch(saNames) {
 		testutil.Fatalf(t, "the service account list doesn't match the expected list: %s", expectedNames)
 	}
 
@@ -68,7 +67,7 @@ func TestServiceAccountsMatch(t *testing.T) {
 	}
 	saNamesPSP := strings.Split(res, " ")
 	// disregard `linkerd-heartbeat`
-	if len(saNamesPSP)-1 != len(expectedNames) || !namesMatch(saNamesPSP) {
+	if len(saNamesPSP) < len(expectedNames) || !namesMatch(saNamesPSP) {
 		t.Fatalf(
 			"The service accounts in the linkerd-psp rolebindings don't match the expected list: %s",
 			expectedNames)