diff --git a/e2e/operator_context_test.go b/e2e/operator_context_test.go
index fe61df1c11..cb0cd5be46 100644
--- a/e2e/operator_context_test.go
+++ b/e2e/operator_context_test.go
@@ -132,6 +132,10 @@ type OperatorContext struct {
 }
 
 func newOperatorContext(t *testing.T) *OperatorContext {
+	return newOperatorContextWithOptions(t, operator.Options{})
+}
+
+func newOperatorContextWithOptions(t *testing.T, opts operator.Options) *OperatorContext {
 	kubeClient, err := kubernetes.NewForConfig(kubeconfig)
 	if err != nil {
 		t.Fatalf("Build Kubernetes clientset: %s", err)
@@ -166,14 +170,23 @@ func newOperatorContext(t *testing.T) *OperatorContext {
 		t.Fatalf("create test namespace: %s", err)
 	}
 
-	op, err := operator.New(globalLogger, kubeconfig, operator.Options{
-		ProjectID:         projectID,
-		Cluster:           cluster,
-		Location:          location,
-		OperatorNamespace: tctx.namespace,
-		PublicNamespace:   tctx.pubNamespace,
-		ListenAddr:        ":10250",
-	})
+	if opts.ProjectID == "" {
+		opts.ProjectID = projectID
+	}
+	if opts.Cluster == "" {
+		opts.Cluster = cluster
+	}
+	if opts.Location == "" {
+		opts.Location = location
+	}
+	if opts.OperatorNamespace == "" {
+		opts.OperatorNamespace = tctx.namespace
+	}
+	if opts.PublicNamespace == "" {
+		opts.PublicNamespace = tctx.pubNamespace
+	}
+
+	op, err := operator.New(globalLogger, kubeconfig, opts)
 	if err != nil {
 		t.Fatalf("instantiating operator: %s", err)
 	}
diff --git a/e2e/webhook_test.go b/e2e/webhook_test.go
index 4cd7c5ac6e..6efe85f117 100644
--- a/e2e/webhook_test.go
+++ b/e2e/webhook_test.go
@@ -19,6 +19,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/GoogleCloudPlatform/prometheus-engine/pkg/operator"
 	arv1 "k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -26,7 +27,9 @@ import (
 
 // webhook configurations.
 func TestWebhookCABundleInjection(t *testing.T) {
-	tctx := newOperatorContext(t)
+	tctx := newOperatorContextWithOptions(t, operator.Options{
+		ListenAddr: ":10250",
+	})
 
 	var (
 		whConfigName = fmt.Sprintf("gmp-operator.%s.monitoring.googleapis.com", tctx.namespace)
diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go
index f8c04ae8be..a5789b2d80 100644
--- a/pkg/operator/operator.go
+++ b/pkg/operator/operator.go
@@ -46,6 +46,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	monitoringv1 "github.com/GoogleCloudPlatform/prometheus-engine/pkg/operator/apis/monitoring/v1"
@@ -170,29 +171,37 @@ func New(logger logr.Logger, clientConfig *rest.Config, opts Options) (*Operator
 	if err := opts.defaultAndValidate(logger); err != nil {
 		return nil, fmt.Errorf("invalid options: %w", err)
 	}
-	// Create temporary directory to store webhook serving cert files.
-	certDir, err := os.MkdirTemp("", "operator-cert")
-	if err != nil {
-		return nil, fmt.Errorf("create temporary certificate dir: %w", err)
-	}
 
 	sc, err := getScheme()
 	if err != nil {
 		return nil, fmt.Errorf("unable to initialize Kubernetes scheme: %w", err)
 	}
 
-	host, portStr, err := net.SplitHostPort(opts.ListenAddr)
-	if err != nil {
-		return nil, fmt.Errorf("invalid listen address: %w", err)
-	}
-	port, err := strconv.Atoi(portStr)
-	if err != nil {
-		return nil, fmt.Errorf("invalid port: %w", err)
+	var webhookServer *webhook.Server
+	if opts.ListenAddr != "" {
+		// Create temporary directory to store webhook serving cert files.
+		certDir, err := os.MkdirTemp("", "operator-cert")
+		if err != nil {
+			return nil, fmt.Errorf("create temporary certificate dir: %w", err)
+		}
+
+		host, portStr, err := net.SplitHostPort(opts.ListenAddr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid listen address: %w", err)
+		}
+		port, err := strconv.Atoi(portStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid port: %w", err)
+		}
+		webhookServer = &webhook.Server{
+			Host:    host,
+			Port:    port,
+			CertDir: certDir,
+		}
 	}
 	manager, err := ctrl.NewManager(clientConfig, manager.Options{
-		Scheme: sc,
-		Host:   host,
-		Port:   port,
+		Scheme:        sc,
+		WebhookServer: webhookServer,
 		// Don't run a metrics server with the manager. Metrics are being served
 		// explicitly in the main routine.
 		MetricsBindAddress: "0",
@@ -256,7 +265,6 @@ func New(logger logr.Logger, clientConfig *rest.Config, opts Options) (*Operator
 					},
 				}})
 		}),
-		CertDir: certDir,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("create controller manager: %w", err)
@@ -289,7 +297,8 @@ func New(logger logr.Logger, clientConfig *rest.Config, opts Options) (*Operator
 // custom resources and registers handlers with the webhook server.
 func (o *Operator) setupAdmissionWebhooks(ctx context.Context) error {
 	// Write provided cert files.
-	caBundle, err := o.ensureCerts(ctx, o.manager.GetWebhookServer().CertDir)
+	s := o.manager.GetWebhookServer()
+	caBundle, err := o.ensureCerts(ctx, s.CertDir)
 	if err != nil {
 		return err
 	}
@@ -320,8 +329,6 @@ func (o *Operator) setupAdmissionWebhooks(ctx context.Context) error {
 		}
 	}()
 
-	s := o.manager.GetWebhookServer()
-
 	// Validating webhooks.
 	s.Register(
 		validatePath(monitoringv1.PodMonitoringResource()),
@@ -374,8 +381,10 @@ func (o *Operator) Run(ctx context.Context, registry prometheus.Registerer) erro
 	if err := o.cleanupOldResources(ctx); err != nil {
 		return fmt.Errorf("cleanup old resources: %w", err)
 	}
-	if err := o.setupAdmissionWebhooks(ctx); err != nil {
-		return fmt.Errorf("init admission resources: %w", err)
+	if o.opts.ListenAddr != "" {
+		if err := o.setupAdmissionWebhooks(ctx); err != nil {
+			return fmt.Errorf("init admission resources: %w", err)
+		}
 	}
 	if err := setupCollectionControllers(o); err != nil {
 		return fmt.Errorf("setup collection controllers: %w", err)