diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 36450b8629..db97808cc1 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -606,6 +606,7 @@ kubelet_image_gc_low_threshold: 40
 {{if eq .Cluster.Environment "production"}}
 teapot_admission_controller_validate_application_label: "true"
 teapot_admission_controller_validate_base_images: "true"
+teapot_admission_controller_validate_base_images_namespaces: "^kube-system$"
 
 # Check container image compliance in production clusters. Be careful when thinking about changing this: Setting it to
 # false will allow any container image to run in production clusters.