diff --git a/pkg/webhook/manifests.go b/pkg/webhook/manifests.go
index f55bd0e1ba..e3bb199300 100644
--- a/pkg/webhook/manifests.go
+++ b/pkg/webhook/manifests.go
@@ -63,6 +63,7 @@ func mutatingWebhooksForWebhookConfigs(whCfgs []WebhookConfig, svcName string, w
 		wh := &admissionregistration.MutatingWebhook{
 			Name:                    whCfg.Name,
 			Rules:                   whCfg.Rules,
+			ObjectSelector:          whCfg.ObjectSelector,
 			FailurePolicy:           &whCfg.FailurePolicy,
 			SideEffects:             &whCfg.SideEffects,
 			AdmissionReviewVersions: admissionReviewVersions,
@@ -87,6 +88,7 @@ func validatingWebhooksForWebhookConfigs(whCfgs []WebhookConfig, svcName string,
 		wh := &admissionregistration.ValidatingWebhook{
 			Name:                    whCfg.Name,
 			Rules:                   whCfg.Rules,
+			ObjectSelector:          whCfg.ObjectSelector,
 			FailurePolicy:           &whCfg.FailurePolicy,
 			SideEffects:             &whCfg.SideEffects,
 			AdmissionReviewVersions: admissionReviewVersions,
diff --git a/pkg/webhook/register.go b/pkg/webhook/register.go
index 0b1822b355..b1d7835324 100644
--- a/pkg/webhook/register.go
+++ b/pkg/webhook/register.go
@@ -21,6 +21,7 @@ import (
 	"path"
 	"strings"
 
+	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/crd/crdgeneration"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/metadata"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/dcl/schema/dclschemaloader"
 	"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/gvks/supportedgvks"
@@ -36,6 +37,7 @@ import (
 	admissionregistration "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
@@ -187,10 +189,15 @@ func GetCommonWebhookConfigs() ([]WebhookConfig, error) {
 func RegisterAbandonOnUninstallWebhook(mgr manager.Manager, nocacheClient client.Client) error {
 	whCfgs := []WebhookConfig{
 		{
-			Name:          "abandon-on-uninstall.cnrm.cloud.google.com",
-			Path:          "/abandon-on-uninstall",
-			Type:          Validating,
-			Handler:       &abandonOnCRDUninstallWebhook{},
+			Name:    "abandon-on-uninstall.cnrm.cloud.google.com",
+			Path:    "/abandon-on-uninstall",
+			Type:    Validating,
+			Handler: &abandonOnCRDUninstallWebhook{},
+			ObjectSelector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					crdgeneration.ManagedByKCCLabel: "true",
+				},
+			},
 			FailurePolicy: admissionregistration.Fail,
 			Rules: getRulesForOperationTypes(
 				getRulesFromResources([]schema.GroupVersionKind{
diff --git a/pkg/webhook/types.go b/pkg/webhook/types.go
index a9b0c2894d..8fedbe24d7 100644
--- a/pkg/webhook/types.go
+++ b/pkg/webhook/types.go
@@ -16,17 +16,19 @@ package webhook
 
 import (
 	admissionregistration "k8s.io/api/admissionregistration/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 type WebhookConfig struct {
-	Type          webhookType
-	Name          string
-	Path          string
-	Handler       admission.Handler
-	FailurePolicy admissionregistration.FailurePolicyType
-	Rules         []admissionregistration.RuleWithOperations
-	SideEffects   admissionregistration.SideEffectClass
+	Type           webhookType
+	Name           string
+	Path           string
+	Handler        admission.Handler
+	FailurePolicy  admissionregistration.FailurePolicyType
+	ObjectSelector *metav1.LabelSelector
+	Rules          []admissionregistration.RuleWithOperations
+	SideEffects    admissionregistration.SideEffectClass
 }
 
 type webhookType string