diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
index d3c9534..429b9d4 100644
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -11,7 +11,6 @@ pipeline {
     agent {
         kubernetes {
             yamlFile 'ci/podTemplate.yaml'
-            yamlMergeStrategy merge()
             workspaceVolume persistentVolumeClaimWorkspaceVolume(
                 claimName: 'buildroot-airplaypi'
             )
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index a15cc3b..798c308 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -1,4 +1,15 @@
+metadata:
+  annotations:
+    io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel: 'true'
 spec:
+  affinity:
+    nodeAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        preference:
+          matchExpressions:
+          - key: node-role.kubernetes.io/jenkins
+            operator: Exists
   containers:
   - name: build
     image: git.pyrocufflink.net/containerimages/buildroot
@@ -11,8 +22,14 @@ spec:
     - mountPath: /etc/ssh/ssh_known_hosts
       name: ssh-known-hosts
       subPath: ssh_known_hosts
+  nodeSelector:
+    kubernetes.io/arch: amd64
   securityContext:
     fsGroupChangePolicy: OnRootMismatch
+    seLinuxOptions:
+      level: s0:c596,c675
+  tolerations:
+  - key: du5t1n.me/jenkins
   volumes:
   - name: ssh-known-hosts
     configMap: