Add Jenkins setup resources

README.md

@@ -14,3 +14,14 @@ All machines run Fedora, using only Fedora builds of the Kubernetes components
 (`kubeadm`, `kubectl`, and `kubeadm`).
 
 See [Cluster Setup](setup/README.md) for details.
+
+
+## Jenkins Agents
+
+One of the main use cases for the Kubernetes cluster is to provide dynamic
+agents for Jenkins.  Using the [Kubernetes Plugin][0], Jenkins will
+automatically launch worker nodes as Kubernetes pods.
+
+See [Jenkins Kubernetes Integration](jenkins/README.md) for details.
+
+[0]: https://plugins.jenkins.io/kubernetes/

jenkins/README.md

@@ -0,0 +1,38 @@
+# Jenkins Kubernetes Integration
+
+## Kubernetes Setup
+
+Create *jenkins* user:
+
+```sh
+kubeadm kubeconfig user \
+    --client-name jenkins \
+    --config kubeadm-user.yml \
+    --org jenkins \
+    > jenkins.kubeconfig
+```
+
+Configure Jenkins resources:
+
+```sh
+kubectl apply -f jenkins.yaml
+```
+
+
+## Jenkins Setup
+
+Install [Kubernetes plugin][0].
+
+Set *TCP port for inbound agents* setting (*Manage Jenkins* → *Configure Global
+Security*) to *Fixed* and enter a number.  Be sure to open this port with
+*firewalld* on the Jenkins server.
+
+Configure Kubernetes (*Manage Jenkins* → *Manage Nodes and Clouds* → *Configure
+Clouds*:
+
+* *Kubernetes URL*: https://kubernetes.pyrocufflink.blue:6443
+* *Kubernetes server certificate key*: Contents of `/etc/kubernetes/pki/ca.crt`
+* *Kubernetes Namespace*: jenkins
+* *Credentials*: Certificate and private key from `jenkins.kubeconfig`
+
+[0]: https://plugins.jenkins.io/kubernetes/

jenkins/jenkins.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jenkins
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins-binding
+  namespace: jenkins
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: jenkins