alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
fieldwitness/deploy/kubernetes/README.md
Aaron D. Lee 490f9d4a1d Rebrand SooSeF to FieldWitness 
Complete project rebrand for better positioning in the press freedom
and digital security space. FieldWitness communicates both field
deployment and evidence testimony — appropriate for the target audience
of journalists, NGOs, and human rights organizations.

Rename mapping:
- soosef → fieldwitness (package, CLI, all imports)
- soosef.stegasoo → fieldwitness.stego
- soosef.verisoo → fieldwitness.attest
- ~/.soosef/ → ~/.fwmetadata/ (innocuous data dir name)
- SOOSEF_DATA_DIR → FIELDWITNESS_DATA_DIR
- SoosefConfig → FieldWitnessConfig
- SoosefError → FieldWitnessError

Also includes:
- License switch from MIT to GPL-3.0
- C2PA bridge module (Phase 0-2 MVP): cert.py, export.py, vendor_assertions.py
- README repositioned to lead with provenance/federation, stego backgrounded
- Threat model skeleton at docs/security/threat-model.md
- Planning docs: docs/planning/c2pa-integration.md, docs/planning/gtm-feasibility.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 15:05:13 -04:00

2.2 KiB
Raw Permalink Blame History

FieldWitness Kubernetes Deployment

Architecture

                Field Devices (Tier 1)
                (Bootable USB + laptop)
                        |
                        | LAN / sneakernet
                        v
            ┌───────────────────────┐
            │  Org Server (Tier 2)  │  <-- server-deployment.yaml
            │  Full web UI + stego  │
            │  + attestation + fed  │
            │  Newsroom mini PC     │
            └───────────┬───────────┘
                        |
                        | gossip / federation API
                        v
            ┌───────────────────────┐
            │  Fed Relay (Tier 3)   │  <-- relay-deployment.yaml
            │  Attestation API only │
            │  VPS (Iceland, CH)    │
            │  Zero key knowledge   │
            └───────────────────────┘

Quick Start

# Build images
docker build -t fieldwitness-server --target server -f deploy/docker/Dockerfile .
docker build -t fieldwitness-relay --target relay -f deploy/docker/Dockerfile .

# Deploy to Kubernetes
kubectl apply -f deploy/kubernetes/namespace.yaml
kubectl apply -f deploy/kubernetes/server-deployment.yaml
kubectl apply -f deploy/kubernetes/relay-deployment.yaml

Notes

  • Single writer: Both deployments use replicas: 1 with Recreate strategy. FieldWitness uses SQLite and append-only binary logs that require single-writer access. Do not scale horizontally.
  • PVCs: Both deployments require persistent volumes. The server needs 10Gi, the relay needs 5Gi. Adjust based on expected attestation volume.
  • Security: The relay stores only attestation records (image hashes + signatures). It never sees encryption keys, plaintext messages, or original images. If the relay is seized, the attacker gets cryptographic hashes — nothing actionable.
  • Ingress: Not included. Configure your own ingress controller with TLS termination. The federation API should be TLS-encrypted in transit.