490f9d4a1d
Complete project rebrand for better positioning in the press freedom and digital security space. FieldWitness communicates both field deployment and evidence testimony — appropriate for the target audience of journalists, NGOs, and human rights organizations. Rename mapping: - soosef → fieldwitness (package, CLI, all imports) - soosef.stegasoo → fieldwitness.stego - soosef.verisoo → fieldwitness.attest - ~/.soosef/ → ~/.fwmetadata/ (innocuous data dir name) - SOOSEF_DATA_DIR → FIELDWITNESS_DATA_DIR - SoosefConfig → FieldWitnessConfig - SoosefError → FieldWitnessError Also includes: - License switch from MIT to GPL-3.0 - C2PA bridge module (Phase 0-2 MVP): cert.py, export.py, vendor_assertions.py - README repositioned to lead with provenance/federation, stego backgrounded - Threat model skeleton at docs/security/threat-model.md - Planning docs: docs/planning/c2pa-integration.md, docs/planning/gtm-feasibility.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
98 lines
2.4 KiB
YAML
98 lines
2.4 KiB
YAML
# FieldWitness Org Server — Full deployment with persistent storage.
|
|
# For newsroom or trusted infrastructure deployment.
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: fieldwitness-server
|
|
namespace: fieldwitness
|
|
labels:
|
|
app.kubernetes.io/name: fieldwitness
|
|
app.kubernetes.io/component: server
|
|
spec:
|
|
replicas: 1 # Single writer — do not scale horizontally
|
|
strategy:
|
|
type: Recreate # Not RollingUpdate — SQLite + append-only logs need single writer
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: fieldwitness
|
|
app.kubernetes.io/component: server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: fieldwitness
|
|
app.kubernetes.io/component: server
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
containers:
|
|
- name: fieldwitness
|
|
image: fieldwitness-server:latest
|
|
ports:
|
|
- containerPort: 5000
|
|
name: web
|
|
- containerPort: 8000
|
|
name: federation
|
|
env:
|
|
- name: FIELDWITNESS_DATA_DIR
|
|
value: /data
|
|
- name: FIELDWITNESS_GOSSIP_INTERVAL
|
|
value: "60"
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /data
|
|
resources:
|
|
requests:
|
|
memory: "512Mi"
|
|
cpu: "250m"
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "2000m"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 5000
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 30
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /health
|
|
port: 5000
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
volumes:
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: fieldwitness-data
|
|
---
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: fieldwitness-data
|
|
namespace: fieldwitness
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 10Gi
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: fieldwitness-server
|
|
namespace: fieldwitness
|
|
spec:
|
|
selector:
|
|
app.kubernetes.io/name: fieldwitness
|
|
app.kubernetes.io/component: server
|
|
ports:
|
|
- name: web
|
|
port: 5000
|
|
targetPort: 5000
|
|
- name: federation
|
|
port: 8000
|
|
targetPort: 8000
|
|
type: ClusterIP
|