diff --git a/google/node_config.go b/google/node_config.go
index f31e13c515b..f8b3f46a038 100644
--- a/google/node_config.go
+++ b/google/node_config.go
@@ -6,6 +6,16 @@ import (
 	"google.golang.org/api/container/v1"
 )
 
+// Matches gke-default scope from https://cloud.google.com/sdk/gcloud/reference/container/clusters/create
+var defaultOauthScopes = []string{
+	"https://www.googleapis.com/auth/devstorage.read_only",
+	"https://www.googleapis.com/auth/logging.write",
+	"https://www.googleapis.com/auth/monitoring",
+	"https://www.googleapis.com/auth/service.management.readonly",
+	"https://www.googleapis.com/auth/servicecontrol",
+	"https://www.googleapis.com/auth/trace.append",
+}
+
 var schemaNodeConfig = &schema.Schema{
 	Type:     schema.TypeList,
 	Optional: true,
@@ -104,9 +114,15 @@ var schemaNodeConfig = &schema.Schema{
 
 func expandNodeConfig(v interface{}) *container.NodeConfig {
 	nodeConfigs := v.([]interface{})
-	nodeConfig := nodeConfigs[0].(map[string]interface{})
+	nc := &container.NodeConfig{
+		// Defaults can't be set on a list/set in the schema, so set the default on create here.
+		OauthScopes: defaultOauthScopes,
+	}
+	if len(nodeConfigs) == 0 {
+		return nc
+	}
 
-	nc := &container.NodeConfig{}
+	nodeConfig := nodeConfigs[0].(map[string]interface{})
 
 	if v, ok := nodeConfig["machine_type"]; ok {
 		nc.MachineType = v.(string)
diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
index 4150c762962..6d6d580f53a 100644
--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@@ -491,10 +491,6 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 		cluster.AddonsConfig = expandClusterAddonsConfig(v)
 	}
 
-	if v, ok := d.GetOk("node_config"); ok {
-		cluster.NodeConfig = expandNodeConfig(v)
-	}
-
 	if v, ok := d.GetOk("enable_kubernetes_alpha"); ok {
 		cluster.EnableKubernetesAlpha = v.(bool)
 	}
@@ -511,6 +507,14 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 			nodePools = append(nodePools, nodePool)
 		}
 		cluster.NodePools = nodePools
+	} else {
+		// Node Configs have default values that are set in the expand function,
+		// but can only be set if node pools are unspecified.
+		cluster.NodeConfig = expandNodeConfig([]interface{}{})
+	}
+
+	if v, ok := d.GetOk("node_config"); ok {
+		cluster.NodeConfig = expandNodeConfig(v)
 	}
 
 	if v, ok := d.GetOk("ip_allocation_policy"); ok {
diff --git a/google/resource_container_node_pool.go b/google/resource_container_node_pool.go
index 91102e013e4..e25730d514b 100644
--- a/google/resource_container_node_pool.go
+++ b/google/resource_container_node_pool.go
@@ -324,10 +324,7 @@ func expandNodePool(d *schema.ResourceData, prefix string) (*container.NodePool,
 	np := &container.NodePool{
 		Name:             name,
 		InitialNodeCount: int64(nodeCount),
-	}
-
-	if v, ok := d.GetOk(prefix + "node_config"); ok {
-		np.Config = expandNodeConfig(v)
+		Config:           expandNodeConfig(d.Get(prefix + "node_config")),
 	}
 
 	if v, ok := d.GetOk(prefix + "autoscaling"); ok {