diff --git a/pkg/components/exec_node_base.go b/pkg/components/exec_node_base.go
index 1fd7b90b..a414da7f 100644
--- a/pkg/components/exec_node_base.go
+++ b/pkg/components/exec_node_base.go
@@ -73,6 +73,10 @@ func (n *baseExecNode) doBuildBase() error {
 	}
 	setContainerPrivileged(&podSpec.Containers[0])
 
+	if envSpec := n.spec.JobEnvironment; envSpec != nil && envSpec.CRI != nil {
+		n.addEnvironmentForCRITools(&podSpec.Containers[0])
+	}
+
 	for i := range podSpec.InitContainers {
 		setContainerPrivileged(&podSpec.InitContainers[i])
 	}
@@ -107,6 +111,15 @@ func (n *baseExecNode) doBuildBase() error {
 	return nil
 }
 
+func (n *baseExecNode) addEnvironmentForCRITools(container *corev1.Container) {
+	socketPath := ytconfig.GetContainerdSocketPath(n.spec)
+	container.Env = append(container.Env, []corev1.EnvVar{
+		{Name: "CONTAINERD_ADDRESS", Value: socketPath},                     // ctr
+		{Name: "CONTAINERD_NAMESPACE", Value: "k8s.io"},                     // ctr
+		{Name: "CONTAINER_RUNTIME_ENDPOINT", Value: "unix://" + socketPath}, // crictl
+	}...)
+}
+
 func (n *baseExecNode) doBuildCRISidecar(envSpec *ytv1.JobEnvironmentSpec, podSpec *corev1.PodSpec) {
 	configPath := path.Join(consts.ContainerdConfigMountPoint, consts.ContainerdConfigFileName)
 
@@ -128,6 +141,8 @@ func (n *baseExecNode) doBuildCRISidecar(envSpec *ytv1.JobEnvironmentSpec, podSp
 		},
 	}
 
+	n.addEnvironmentForCRITools(&jobsContainer)
+
 	jobsContainer.VolumeMounts = append(jobsContainer.VolumeMounts,
 		corev1.VolumeMount{
 			Name:      consts.ContainerdConfigVolumeName,
diff --git a/pkg/ytconfig/cri.go b/pkg/ytconfig/cri.go
index c9cf2562..5b8fdfea 100644
--- a/pkg/ytconfig/cri.go
+++ b/pkg/ytconfig/cri.go
@@ -8,7 +8,7 @@ import (
 	"github.com/ytsaurus/yt-k8s-operator/pkg/consts"
 )
 
-func getContainerdSocketPath(spec *ytv1.ExecNodesSpec) string {
+func GetContainerdSocketPath(spec *ytv1.ExecNodesSpec) string {
 	if location := ytv1.FindFirstLocation(spec.Locations, ytv1.LocationTypeImageCache); location != nil {
 		return path.Join(location.Path, consts.ContainerdSocketName)
 	}
@@ -30,7 +30,7 @@ func (g *NodeGenerator) GetContainerdConfig(spec *ytv1.ExecNodesSpec) ([]byte, e
 		"root":    rootPath,
 
 		"grpc": map[string]any{
-			"address": getContainerdSocketPath(spec),
+			"address": GetContainerdSocketPath(spec),
 			"uid":     0,
 			"gid":     0,
 		},
diff --git a/pkg/ytconfig/node.go b/pkg/ytconfig/node.go
index 9087f76e..d5061ff3 100644
--- a/pkg/ytconfig/node.go
+++ b/pkg/ytconfig/node.go
@@ -402,7 +402,7 @@ func fillJobEnvironment(execNode *ExecNode, spec *ytv1.ExecNodesSpec, commonSpec
 
 		jobEnv.UseJobProxyFromImage = ptr.Bool(false)
 
-		endpoint := "unix://" + getContainerdSocketPath(spec)
+		endpoint := "unix://" + GetContainerdSocketPath(spec)
 
 		jobEnv.CriExecutor = &CriExecutor{
 			RuntimeEndpoint: endpoint,