alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6325e86873
fieldwitness/deploy/kubernetes/README.md
Aaron D. Lee 496198d49a
Some checks failed
CI / lint (push) Failing after 55s
Details
CI / typecheck (push) Failing after 31s
Details
Add three-tier deployment infrastructure 
Platform pivot from Raspberry Pi to three-tier model:
- Tier 1: Bootable Debian Live USB for field reporters
- Tier 2: Docker/K8s org server for newsrooms
- Tier 3: Docker/K8s federation relay for VPS

Tier 1 — Live USB (deploy/live-usb/):
- build.sh: live-build based image builder for amd64
- Package list: Python + system deps + minimal GUI (openbox + Firefox)
- Install hook: creates venv, pip installs soosef[web,cli,attest,...]
- Hardening hook: disable swap/coredumps, UFW, auto-login to web UI
- systemd service with security hardening (NoNewPrivileges, ProtectSystem)
- Auto-opens Firefox kiosk to http://127.0.0.1:5000 on boot

Tier 2+3 — Docker (deploy/docker/):
- Multi-stage Dockerfile with two targets:
  - server: full web UI + stego + attestation + federation (Tier 2)
  - relay: lightweight FastAPI attestation API only (Tier 3)
- docker-compose.yml with both services and persistent volumes
- .dockerignore for clean builds

Kubernetes (deploy/kubernetes/):
- namespace.yaml, server-deployment.yaml, relay-deployment.yaml
- PVCs, services, health checks, resource limits
- Single-writer strategy (Recreate, not RollingUpdate) for SQLite safety
- README with architecture diagram and deployment instructions

Config presets (deploy/config-presets/):
- low-threat.json: press freedom country (no killswitch, 30min sessions)
- medium-threat.json: restricted press (48h deadman, USB monitoring)
- high-threat.json: conflict zone (12h deadman, tamper monitoring, 5min sessions)
- critical-threat.json: targeted surveillance (127.0.0.1 only, 6h deadman, 3min sessions)

Deployment guide rewritten for three-tier model with RPi as legacy appendix.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 22:52:38 -04:00

53 lines
2.2 KiB
Markdown
Raw Blame History

# SooSeF Kubernetes Deployment
## Architecture
```
Field Devices (Tier 1)
(Bootable USB + laptop)
|
| LAN / sneakernet
v
┌───────────────────────┐
│ Org Server (Tier 2) │ <-- server-deployment.yaml
│ Full web UI + stego │
│ + attestation + fed │
│ Newsroom mini PC │
└───────────┬───────────┘
|
| gossip / federation API
v
┌───────────────────────┐
│ Fed Relay (Tier 3) │ <-- relay-deployment.yaml
│ Attestation API only │
│ VPS (Iceland, CH) │
│ Zero key knowledge │
└───────────────────────┘
```
## Quick Start
```bash
# Build images
docker build -t soosef-server --target server -f deploy/docker/Dockerfile .
docker build -t soosef-relay --target relay -f deploy/docker/Dockerfile .
# Deploy to Kubernetes
kubectl apply -f deploy/kubernetes/namespace.yaml
kubectl apply -f deploy/kubernetes/server-deployment.yaml
kubectl apply -f deploy/kubernetes/relay-deployment.yaml
```
## Notes
- **Single writer**: Both deployments use `replicas: 1` with `Recreate` strategy.
SooSeF uses SQLite and append-only binary logs that require single-writer access.
Do not scale horizontally.
- **PVCs**: Both deployments require persistent volumes. The server needs 10Gi,
the relay needs 5Gi. Adjust based on expected attestation volume.
- **Security**: The relay stores only attestation records (image hashes + signatures).
It never sees encryption keys, plaintext messages, or original images.
If the relay is seized, the attacker gets cryptographic hashes — nothing actionable.
- **Ingress**: Not included. Configure your own ingress controller with TLS termination.
The federation API should be TLS-encrypted in transit.
Reference in New Issue View Git Blame Copy Permalink