diff --git a/plugin/pkg/admission/imagepolicy/admission.go b/plugin/pkg/admission/imagepolicy/admission.go
index 7c988aead47..a4cfa8e27bc 100644
--- a/plugin/pkg/admission/imagepolicy/admission.go
+++ b/plugin/pkg/admission/imagepolicy/admission.go
@@ -160,13 +160,13 @@ func (a *Plugin) Validate(ctx context.Context, attributes admission.Attributes,
 			Namespace:   attributes.GetNamespace(),
 		},
 	}
-	if err := a.admitPod(pod, attributes, &imageReview); err != nil {
+	if err := a.admitPod(ctx, pod, attributes, &imageReview); err != nil {
 		return admission.NewForbidden(attributes, err)
 	}
 	return nil
 }
 
-func (a *Plugin) admitPod(pod *api.Pod, attributes admission.Attributes, review *v1alpha1.ImageReview) error {
+func (a *Plugin) admitPod(ctx context.Context, pod *api.Pod, attributes admission.Attributes, review *v1alpha1.ImageReview) error {
 	cacheKey, err := json.Marshal(review.Spec)
 	if err != nil {
 		return err
@@ -174,7 +174,7 @@ func (a *Plugin) admitPod(pod *api.Pod, attributes admission.Attributes, review
 	if entry, ok := a.responseCache.Get(string(cacheKey)); ok {
 		review.Status = entry.(v1alpha1.ImageReviewStatus)
 	} else {
-		result := a.webhook.WithExponentialBackoff(func() rest.Result {
+		result := a.webhook.WithExponentialBackoff(ctx, func() rest.Result {
 			return a.webhook.RestClient.Post().Body(review).Do()
 		})
 
diff --git a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook.go b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook.go
index eb6c17bdb6b..28eee546980 100644
--- a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook.go
@@ -18,6 +18,7 @@ limitations under the License.
 package webhook
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -81,9 +82,9 @@ func newGenericWebhook(scheme *runtime.Scheme, codecFactory serializer.CodecFact
 
 // WithExponentialBackoff will retry webhookFn() up to 5 times with exponentially increasing backoff when
 // it returns an error for which apierrors.SuggestsClientDelay() or apierrors.IsInternalError() returns true.
-func (g *GenericWebhook) WithExponentialBackoff(webhookFn func() rest.Result) rest.Result {
+func (g *GenericWebhook) WithExponentialBackoff(ctx context.Context, webhookFn func() rest.Result) rest.Result {
 	var result rest.Result
-	WithExponentialBackoff(g.InitialBackoff, func() error {
+	WithExponentialBackoff(ctx, g.InitialBackoff, func() error {
 		result = webhookFn()
 		return result.Error()
 	})
@@ -92,7 +93,7 @@ func (g *GenericWebhook) WithExponentialBackoff(webhookFn func() rest.Result) re
 
 // WithExponentialBackoff will retry webhookFn() up to 5 times with exponentially increasing backoff when
 // it returns an error for which apierrors.SuggestsClientDelay() or apierrors.IsInternalError() returns true.
-func WithExponentialBackoff(initialBackoff time.Duration, webhookFn func() error) error {
+func WithExponentialBackoff(ctx context.Context, initialBackoff time.Duration, webhookFn func() error) error {
 	backoff := wait.Backoff{
 		Duration: initialBackoff,
 		Factor:   1.5,
@@ -103,6 +104,12 @@ func WithExponentialBackoff(initialBackoff time.Duration, webhookFn func() error
 	var err error
 	wait.ExponentialBackoff(backoff, func() (bool, error) {
 		err = webhookFn()
+
+		if ctx.Err() != nil {
+			// we timed out or were cancelled, we should not retry
+			return true, err
+		}
+
 		// these errors indicate a transient error that should be retried.
 		if net.IsConnectionReset(err) || apierrors.IsInternalError(err) || apierrors.IsTimeout(err) || apierrors.IsTooManyRequests(err) {
 			return false, nil
diff --git a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
index 48d9764301a..d56599d987c 100644
--- a/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go
@@ -17,6 +17,7 @@ limitations under the License.
 package webhook
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/json"
@@ -550,7 +551,7 @@ func TestWithExponentialBackoff(t *testing.T) {
 		t.Fatalf("failed to create the webhook: %v", err)
 	}
 
-	result := wh.WithExponentialBackoff(func() rest.Result {
+	result := wh.WithExponentialBackoff(context.Background(), func() rest.Result {
 		return wh.RestClient.Get().Do()
 	})
 
@@ -562,7 +563,7 @@ func TestWithExponentialBackoff(t *testing.T) {
 		t.Errorf("unexpected status code: %d", statusCode)
 	}
 
-	result = wh.WithExponentialBackoff(func() rest.Result {
+	result = wh.WithExponentialBackoff(context.Background(), func() rest.Result {
 		return wh.RestClient.Get().Do()
 	})
 
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go
index ae789a3b33f..d2606541d29 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/audit/webhook/webhook.go
@@ -18,6 +18,7 @@ limitations under the License.
 package webhook
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -95,7 +96,7 @@ func (b *backend) processEvents(ev ...*auditinternal.Event) error {
 	for _, e := range ev {
 		list.Items = append(list.Items, *e)
 	}
-	return b.w.WithExponentialBackoff(func() rest.Result {
+	return b.w.WithExponentialBackoff(context.Background(), func() rest.Result {
 		trace := utiltrace.New("Call Audit Events webhook",
 			utiltrace.Field{"name", b.name},
 			utiltrace.Field{"event-count", len(list.Items)})
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go
index e13985d726b..9105eb7b8ee 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go
@@ -98,7 +98,7 @@ func (w *WebhookTokenAuthenticator) AuthenticateToken(ctx context.Context, token
 		err    error
 		auds   authenticator.Audiences
 	)
-	webhook.WithExponentialBackoff(w.initialBackoff, func() error {
+	webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
 		result, err = w.tokenReview.Create(r)
 		return err
 	})
diff --git a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
index cb033a63ef8..eb6f7af1781 100644
--- a/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
+++ b/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/webhook/webhook.go
@@ -188,7 +188,7 @@ func (w *WebhookAuthorizer) Authorize(ctx context.Context, attr authorizer.Attri
 			result *authorization.SubjectAccessReview
 			err    error
 		)
-		webhook.WithExponentialBackoff(w.initialBackoff, func() error {
+		webhook.WithExponentialBackoff(ctx, w.initialBackoff, func() error {
 			result, err = w.subjectAccessReview.Create(r)
 			return err
 		})