Skip to main content
This guide shows you how to deploy self-hosted GitHub Actions runners on SUNK using Actions Runner Controller (ARC). By the end, you have ARC installed in your cluster and one or more runner scale sets registered with your GitHub organization, so workflow jobs can run on your SUNK CPU and GPU nodes instead of GitHub-hosted runners. This lets you take advantage of CoreWeave compute, such as H100 GPUs scheduled through SUNK, for your CI/CD jobs. This tutorial is intended for cluster administrators and platform engineers who manage SUNK clusters and want to integrate them with GitHub Actions workflows.
Controller versionThis documentation describes deploying ARC version 0.13.0, which uses the autoscaling architecture with AutoscalingRunnerSet resources. This is the approach maintained by GitHub.

Prerequisites

  • Access to a SUNK cluster with Kubernetes.
  • Cluster admin access or permissions to create namespaces and deploy applications.
  • A GitHub organization or repository where you want to register runners.
  • GitHub organization admin permissions (for creating GitHub Apps).
  • For GPU runners: A SUNK cluster with the SUNK Pod Scheduler deployed.

Create a GitHub App

ARC authenticates to GitHub using a GitHub App, which provides the credentials the controller uses to register runners and receive job events. Follow these steps to create one:
  1. Navigate to your GitHub organization settings, select Developer settings, then GitHub Apps, and then select New GitHub App: GitHub App page for creating a new app.
  2. Configure the GitHub App with the following values:
    • GitHub App name: Choose a name, for example, arc-controller.
    • Homepage URL: Use your organization URL.
    • Webhook: Clear “Active” (not needed for basic setup).
  3. Set the following permissions: Repository permissions Organization permissions
  4. Select Create GitHub App.
  5. Note and save the App ID from the app details page.
  6. Generate and download a private key by going to the Private keys section and selecting Generate a private key. Save the downloaded .pem file.
  7. Install the GitHub App:
    • In the left sidebar, select Install App.
    • Select your organization.
    • Choose All repositories or specific repositories.
    • Note the Installation ID from the URL. For example, in https://github.com/organizations/[ORG-NAME]/settings/installations/12345678, the number is your Installation ID.

Deploy the ARC controller

With the GitHub App in place, deploy the ARC controller into your cluster. The controller monitors GitHub workflow jobs and creates ephemeral runner pods on demand. Create the configuration files for deploying the ARC controller in your GitOps repository.
  1. Create the namespace configuration file at namespaces/actions-runner-system.yaml:
    namespaces/actions-runner-system.yaml
  2. Deploy the manifest:
  3. Create an Authentication Secret with your GitHub App credentials at secrets/arc/controller-manager.yaml:
    secrets/arc/controller-manager.yaml
    Replace the following with your values:
    • [APP-ID] with your GitHub App ID.
    • [INSTALLATION-ID] with the installation ID from the URL.
    • [PRIVATE-KEY-CONTENT] with your actual private key content.
  4. Create the Helm values file for the controller at arc/controller-values.yaml:
    arc/controller-values.yaml
  5. Add the ARC controller to your ArgoCD Applications manifest:
    Apps.yaml
  6. Commit and push the changes to deploy the controller. Verify it’s running:
    You should see the controller pod with status Running.

Configure runner scale sets

With the controller running, the next step is to register one or more runner scale sets that the controller manages. Each scale set maps a GitHub runs-on label to a pod template, so you can target different workload types from your workflows. You can deploy multiple runner scale sets for different workload types. The following sections describe examples for CPU and GPU runners.

CPU runners

  1. Create a values file for CPU runner scale sets at arc/cpu-runner-values.yaml:
    arc/cpu-runner-values.yaml
    Replace the following with your values:
    • [ORG-NAME] with your GitHub organization name.
    • For repository-level runners, use https://github.com/[USERNAME]/[REPO-NAME].
    • For enterprise runners, use https://github.com/enterprises/[ENTERPRISE-NAME].
  2. Add the CPU runner scale set to your ArgoCD Applications:
    Apps.yaml

GPU runners with SUNK Pod Scheduler

GPU runners require an extra layer of configuration so that job pods are scheduled through the SUNK Pod Scheduler and request GPU resources correctly. For GPU workloads that require SUNK Pod Scheduler integration, create both a pod template ConfigMap and a values file.
  1. Configure your SUNK Pod Scheduler name. Replace [SCHEDULER-NAME] with your SUNK Pod Scheduler name. The default format is typically <namespace>-<releaseName>-slurm-scheduler (for example, tenant-slurm-slurm-scheduler). To find your scheduler name, query the scheduler pod for its configured name:
    For details on SUNK Pod Scheduler configuration and annotations, see SUNK Pod Scheduler.
  2. Create a pod template ConfigMap. ARC supports container hooks that let you customize the pod specification for job containers. Create a ConfigMap with pod templates at arc/supporting/podtemplates.yaml:
    arc/supporting/podtemplates.yaml
  3. Add this as a supporting application to deploy the ConfigMap:
    Apps.yaml
  4. Create a values file for GPU runners. This configuration uses ARC’s container mode with Kubernetes container hooks to apply the SUNK scheduler pod template to job containers:
    arc/gpu-runner-values.yaml
    The container mode configuration enables the following: This allows GitHub Actions jobs to run as separate pods with SUNK scheduler annotations and GPU resources applied through the pod template.
  5. Add the GPU runner scale set to your ArgoCD Applications:
    Apps.yaml
  6. Commit and push to deploy the runner scale sets.
At this point, the ARC controller, the CPU runner scale set, and the GPU runner scale set are deployed and registered with your GitHub organization.

Use runners in workflows

With the scale sets registered, you can now route GitHub Actions jobs to them from any workflow in your organization. Target your self-hosted runners in GitHub Actions workflows using the runs-on key with the runner scale set name.
Runner scale set namesThe runs-on value must match your Helm release name:
  • arc-runner-cpu corresponds to helm install arc-runner-cpu ....
  • arc-runner-gpu corresponds to helm install arc-runner-gpu ....
CPU runners:
GPU runners:

Verify the installation

Use the following checks to confirm that the controller is running, the listener is connected to GitHub, and runner pods are created when a workflow runs. Check that the runner scale set is deployed:
Check the listener pod:
View listener logs to verify GitHub connection:
When a workflow is triggered, you should see ephemeral runner pods created:
For GPU runners, verify the SUNK scheduler is working:
Check that pods created by GPU workflows have the schedulerName set to your SUNK scheduler.

Scaling configuration

This section describes how runner scale sets respond to workflow demand and how to tune the minimum and maximum runner counts. Runner scale sets automatically scale based on workflow job demand: To customize scaling limits, add to your values file:

Additional resources

Last modified on May 27, 2026