diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..15aa204
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,11 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[Jenkinsfile]
+indent_style = space
+indent_size = 4
diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
index 8b3a250..881e4d5 100644
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -1,11 +1,9 @@
-DOCKER_BUILD_ARGS = '''\
---build-arg UID=$(id -u) \
---build-arg GID=$(id -g) \
-'''
-
 pipeline {
     agent {
-        label 'docker && aarch64'
+        kubernetes {
+            yamlFile 'ci/podTemplate.yaml'
+            defaultContainer 'build'
+        }
     }
 
     options {
@@ -13,10 +11,6 @@ pipeline {
         disableConcurrentBuilds()
     }
 
-    triggers {
-        pollSCM ''
-    }
-
     parameters {
         booleanParam \
             name: 'Clean',
@@ -25,14 +19,6 @@ pipeline {
 
     stages {
         stage('Build') {
-            agent {
-                dockerfile {
-                    reuseNode true
-                    dir 'ci'
-                    args '--privileged -u 0:0'
-                    additionalBuildArgs DOCKER_BUILD_ARGS
-                }
-            }
             steps {
                 script {
                     if (params.Clean) {
@@ -54,17 +40,11 @@ pipeline {
                     changeRequest()
                 }
             }
-            agent {
-                dockerfile {
-                    reuseNode true
-                    dir 'ci'
-                    args '-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts'
-                    additionalBuildArgs DOCKER_BUILD_ARGS
-                }
-            }
             steps {
-                sshagent(['jenkins-pxe']) {
-                    sh 'make publish'
+                container('publish') {
+                    sshagent(['jenkins-pxe']) {
+                        sh 'make publish'
+                    }
                 }
             }
         }
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
new file mode 100644
index 0000000..3f40340
--- /dev/null
+++ b/ci/podTemplate.yaml
@@ -0,0 +1,31 @@
+spec:
+  nodeSelector:
+    kubernetes.io/arch: arm64
+  terminationGracePeriodSeconds: 0
+  containers:
+  - name: build
+    image: git.pyrocufflink.net/containerimages/build/basementhud
+    command:
+    - sleep
+    - infinity
+    securityContext:
+      readOnlyRootFilesystem: true
+      privileged: true
+    volumeMounts:
+    - name: tmp
+      mountPath: /tmp
+  - name: publish
+    image: git.pyrocufflink.net/containerimages/build/basementhud
+    command:
+    - sleep
+    - infinity
+    securityContext:
+      readOnlyRootFilesystem: true
+      runAsUser: 1000
+    volumeMounts:
+    - name: tmp
+      mountPath: /tmp
+  volumes:
+  - name: tmp
+    emptyDir:
+      medium: Memory