diff --git a/webhook/env.go b/webhook/env.go
index ffb757011..e622f5f97 100644
--- a/webhook/env.go
+++ b/webhook/env.go
@@ -32,6 +32,8 @@ const (
 secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential
 tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"
+
+ disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP"
 )
 // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
@@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
 panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
 }
 }
+
+func DisableNamespaceOwnershipFromEnv() *bool {
+ disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey)
+ if disableNamespaceOwnership == "" {
+ return nil
+ }
+ disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership)
+ if err != nil {
+ panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err))
+ }
+ return &disableNamespaceOwnershipBool
+}
diff --git a/webhook/webhook.go b/webhook/webhook.go
index 1b90e75fc..dc1981796 100644
--- a/webhook/webhook.go
+++ b/webhook/webhook.go
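Review bot: `DisableNamespaceOwnershipFromEnv` is exported but has no doc comment, unlike `PortFromEnv` earlier in the file, and its three-state result (nil, true, false) is not obvious from the `*bool` signature. I would add `// DisableNamespaceOwnershipFromEnv returns the bool parsed from WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP, or nil if the variable is unset or empty. It panics on a value strconv.ParseBool rejects.` Because `os.Getenv` cannot tell an unset variable from one set to the empty string, the comment should say that both mean "no override". The panic message also has a stray space before the colon; `"failed to convert the environment variable %q: %v"` reads cleaner.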
@@ -81,8 +81,10 @@ type Options struct {
 // before shutting down.
 GracePeriod time.Duration
- // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE
- // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative
+ // DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the
+ // webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable.
+ // Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller
+ // relationship: https://github.com/knative/serving/issues/15483
 DisableNamespaceOwnership bool
 // ControllerOptions encapsulates options for creating a new controller,
@@ -164,6 +166,12 @@ func New(
 return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion)
 }
+ // if the environment variable is set, it overrides the value in the Options
+ disableNamespaceOwnership := DisableNamespaceOwnershipFromEnv()
+ if disableNamespaceOwnership != nil {
+ opts.DisableNamespaceOwnership = *disableNamespaceOwnership
+ }
+
 syncCtx, cancel := context.WithCancel(context.Background())
 webhook = &Webhook{
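Review bot: The environment override added in `New` replaces `opts.DisableNamespaceOwnership` silently, so nothing at startup records that a process-level variable, rather than the caller's `Options`, decided whether the webhook configuration resources get the namespace owner reference. That reference is presumably what ties cleanup of those admission configurations to the namespace, so I would log the effective value and its source inside the `if disableNamespaceOwnership != nil` branch. A malformed value also panics inside `DisableNamespaceOwnershipFromEnv`, while the TLS check just above returns an error; if that is intended, a comment such as `// NOTE: panics on an unparsable value instead of returning an error` would make it explicit. `New` begins and ends outside this hunk, so how it logs elsewhere is not visible here.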