diff --git a/plugin/pkg/admission/imagepolicy/config.go b/plugin/pkg/admission/imagepolicy/config.go
index 558b290e862..df34a4906b4 100644
--- a/plugin/pkg/admission/imagepolicy/config.go
+++ b/plugin/pkg/admission/imagepolicy/config.go
@@ -86,7 +86,7 @@ func normalizeConfigDuration(name string, scale, value, min, max, defaultValue t
 	value *= scale
 
 	// check value is within range
-	if value <= min || value > max {
+	if value < min || value > max {
 		return value, fmt.Errorf("valid value is between %v and %v, got %v", min, max, value)
 	}
 	return value, nil
diff --git a/plugin/pkg/admission/imagepolicy/config_test.go b/plugin/pkg/admission/imagepolicy/config_test.go
index 9f09d181448..8567011ce16 100644
--- a/plugin/pkg/admission/imagepolicy/config_test.go
+++ b/plugin/pkg/admission/imagepolicy/config_test.go
@@ -89,6 +89,34 @@ func TestConfigNormalization(t *testing.T) {
 			},
 			wantErr: false,
 		},
+		{
+			test: "config within normal ranges for min values",
+			config: imagePolicyWebhookConfig{
+				AllowTTL:     minAllowTTL / time.Second,
+				DenyTTL:      minDenyTTL / time.Second,
+				RetryBackoff: minRetryBackoff,
+			},
+			normalizedConfig: imagePolicyWebhookConfig{
+				AllowTTL:     minAllowTTL,
+				DenyTTL:      minDenyTTL,
+				RetryBackoff: minRetryBackoff * time.Millisecond,
+			},
+			wantErr: false,
+		},
+		{
+			test: "config within normal ranges for max values",
+			config: imagePolicyWebhookConfig{
+				AllowTTL:     maxAllowTTL / time.Second,
+				DenyTTL:      maxDenyTTL / time.Second,
+				RetryBackoff: maxRetryBackoff / time.Millisecond,
+			},
+			normalizedConfig: imagePolicyWebhookConfig{
+				AllowTTL:     maxAllowTTL,
+				DenyTTL:      maxDenyTTL,
+				RetryBackoff: maxRetryBackoff,
+			},
+			wantErr: false,
+		},
 	}
 	for _, tt := range tests {
 		err := normalizeWebhookConfig(&tt.config)