diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 1f16e0f4..a9eec578 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -18,6 +18,7 @@ patches:
 - path: patches/webhook_in_chyts.yaml
 - path: patches/webhook_in_remoteytsaurus.yaml
 - path: patches/webhook_in_remoteexecnodes.yaml
+- path: patches/webhook_in_remotedatanodes.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -27,6 +28,7 @@ patches:
 - path: patches/cainjection_in_chyts.yaml
 - path: patches/cainjection_in_remoteytsaurus.yaml
 - path: patches/cainjection_in_remoteexecnodes.yaml
+- path: patches/cainjection_in_remotedatanodes.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
diff --git a/config/rbac/remotedatanodes_editor_role.yaml b/config/rbac/remotedatanodes_editor_role.yaml
new file mode 100644
index 00000000..edb24324
--- /dev/null
+++ b/config/rbac/remotedatanodes_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit remotedatanodes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: remotedatanodes-editor-role
+rules:
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes/status
+  verbs:
+  - get
diff --git a/config/rbac/remotedatanodes_viewer_role.yaml b/config/rbac/remotedatanodes_viewer_role.yaml
new file mode 100644
index 00000000..78fef56c
--- /dev/null
+++ b/config/rbac/remotedatanodes_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view remotedatanodes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: remotedatanodes-viewer-role
+rules:
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes/status
+  verbs:
+  - get
diff --git a/ytop-chart/templates/manager-rbac.yaml b/ytop-chart/templates/manager-rbac.yaml
index 162a8790..fba39179 100644
--- a/ytop-chart/templates/manager-rbac.yaml
+++ b/ytop-chart/templates/manager-rbac.yaml
@@ -145,6 +145,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - cluster.ytsaurus.tech
+  resources:
+  - remotedatanodes/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - cluster.ytsaurus.tech
   resources: