From 70cb9186a6da7dbfa563252b34c90996e82e7e58 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Mon, 25 Jul 2022 17:51:12 -0500
Subject: [PATCH] Add Jenkins setup resources

---
 README.md            | 11 +++++++++++
 jenkins/README.md    | 38 ++++++++++++++++++++++++++++++++++++++
 jenkins/jenkins.yaml | 18 ++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 jenkins/README.md
 create mode 100644 jenkins/jenkins.yaml

diff --git a/README.md b/README.md
index 2a95d57..de68c5b 100644
--- a/README.md
+++ b/README.md
@@ -14,3 +14,14 @@ All machines run Fedora, using only Fedora builds of the Kubernetes components
 (`kubeadm`, `kubectl`, and `kubeadm`).
 
 See [Cluster Setup](setup/README.md) for details.
+
+
+## Jenkins Agents
+
+One of the main use cases for the Kubernetes cluster is to provide dynamic
+agents for Jenkins.  Using the [Kubernetes Plugin][0], Jenkins will
+automatically launch worker nodes as Kubernetes pods.
+
+See [Jenkins Kubernetes Integration](jenkins/README.md) for details.
+
+[0]: https://plugins.jenkins.io/kubernetes/
diff --git a/jenkins/README.md b/jenkins/README.md
new file mode 100644
index 0000000..8ecb101
--- /dev/null
+++ b/jenkins/README.md
@@ -0,0 +1,38 @@
+# Jenkins Kubernetes Integration
+
+## Kubernetes Setup
+
+Create *jenkins* user:
+
+```sh
+kubeadm kubeconfig user \
+    --client-name jenkins \
+    --config kubeadm-user.yml \
+    --org jenkins \
+    > jenkins.kubeconfig
+```
+
+Configure Jenkins resources:
+
+```sh
+kubectl apply -f jenkins.yaml
+```
+
+
+## Jenkins Setup
+
+Install [Kubernetes plugin][0].
+
+Set *TCP port for inbound agents* setting (*Manage Jenkins* → *Configure Global
+Security*) to *Fixed* and enter a number.  Be sure to open this port with
+*firewalld* on the Jenkins server.
+
+Configure Kubernetes (*Manage Jenkins* → *Manage Nodes and Clouds* → *Configure
+Clouds*:
+
+* *Kubernetes URL*: https://kubernetes.pyrocufflink.blue:6443
+* *Kubernetes server certificate key*: Contents of `/etc/kubernetes/pki/ca.crt`
+* *Kubernetes Namespace*: jenkins
+* *Credentials*: Certificate and private key from `jenkins.kubeconfig`
+
+[0]: https://plugins.jenkins.io/kubernetes/
diff --git a/jenkins/jenkins.yaml b/jenkins/jenkins.yaml
new file mode 100644
index 0000000..05e1938
--- /dev/null
+++ b/jenkins/jenkins.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jenkins
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins-binding
+  namespace: jenkins
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: jenkins