Mastodon on K3s:
Architecture
As I mentioned in my previous post, I'll install K3s on a 3 servers, one of these servers will be the server (manager) and the other two will be the agents, such architecture is the same as the one explained on the Single-server Setup with Embedded DB section in K3s docs (the following image is taken from the docs).

This architecture may not be the best one, as for example if the server node went down everything will stop working, but in our case it is more than enough.
If you care more about high-availability you can check the "High-Availability K3s Server with an External DB" section in the docs.
Operating System
"K3s is expected to work on most modern Linux systems", and in our case I'll assume that you are on Ubuntu 22.04, but if you decided to use other operating systems you need to check the OSs specific requirements.
- If you are using (Red Hat/CentOS) Enterprise Linux, follow these steps for additional setup.
- If you are using Raspberry Pi OS, follow these steps to switch to legacy iptables.
It is also preferable that all your nodes are running the same system/version/setup to make sure you don't face any special cases on some nodes while others working without any problem.
Networking
K3s server needs port 6443 to be open, or at lease accessible by all nodes, so you can for example open it only between the nodes while also disable it from the whole internet.
You need to make sure to open the following ports on your cluster:
Protocol | Port | Source | Destination | Description |
TCP | 2379-2380 | Servers | Servers | Required only for HA with embedded etcd |
TCP | 6443 | Agents | Servers | K3s supervisor and Kubernetes API Server |
UDP | 8472 | All nodes | All nodes | Required only for Flannel VXLAN |
TCP | 10250 | All nodes | All nodes | Kubelet metrics |
UDP | 51820 | All nodes | All nodes | Required only for Flannel Wireguard with IPv4 |
UDP | 51821 | All nodes | All nodes | Required only for Flannel Wireguard with IPv6 |
You should have a look at the networking docs to be familiar with everything needed, and in case they change anything in the future.
Installation
Installing K3s Server
I have already talked about installing K3s on RPI, the steps are the same except that you are not required to edit any boot files, but the commands are the same
curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest sh -s - --write-kubeconfig-mode 644
Now, before we jump to install the agents, we need to make sure to write down the server token, which can be found inside the following file:
sudo cat /var/lib/rancher/k3s/server/node-token
Installing the Agents
You already have the Token and you already know the IP of the K3s server, all you have to do is to run the following command:
curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest K3S_URL=https://192.168.68.110:6443 K3S_TOKEN=<REPLACE_WITH_YOUR_TOKEN> sh -
Validating your Setup
From your server node you can run the following command
$ kubectel get nodes NAME STATUS ROLES AGE VERSION worker-1 Ready <none> 1h v1.25.4+k3s1 worker-2 Ready <none> 1h v1.25.4+k3s1 master Ready control-plane,master 1h v1.25.4+k3s1
Setting up Lens/OpenLens
Once you downloaded OpenLens you can add the cluster configuration to it so you can manage it, but first you need to make sure that you ssh into your K3s server node, not the agents, and you can read the following file:
sudo cat /etc/rancher/k3s/k3s.yaml
Once you copied all the configuration, open OpenLens and in the welcome page click on "Browse Clusters in Catalog" then in the bottom right, hover over the plus sign and choose "Add from kubeconfig" from the list.

You will be presented with an editor that you can past the content of the k3s.yaml
file in it, once you are done and before clicking "Add clusters", remember to change the IP address from server: https://127.0.0.1:6443
to your server ip address
once you changed the IP click "Add Clusters" and we are done for now.