Cloud / Containerization / Virtualization Technologies

 This is a bit of a research brain dump regarding a number of technologies and/or projects that are often encountered when looking into cloud/container/virtualization technologies.  

I've condensed this portion to a diagram which is still a work-in-progress.  It tries to organize some common items into "buckets" and tries to hint at some of the relationships between items. As time passes, the differentiation between buckets get cloudy.  Some projects / technologies end up sharing, reworking or supporting other projects in ways that make it hard to distinguish meaningful differences. Other projects start off with lots of excitement and then seem to fade quickly.   

I'm working on another diagram that tries to cover network items deeper along with some security and storage items.  Those are usually not cloud / container / virtualization specific so it made more sense to work on those separately.  That diagram is very messy still - I'll create a new post for it "soonish" with the note that it is very much a work-in-progress.  I'll add a link to it from here though.  

This is all public information from various public projects, tech company public sites, tech "news and information" sites, etc.  There is still a significant amount of change going on and it will be interesting to see what truly new and innovative ideas appear.  

[Edit 2021/01/28] Here is my initial post for network / storage / security focused items:

Apache 2.4.x / Subversion 1.8.x / SSL Accelerator

Relatively complex authorization strategies are somewhat challenging to setup.  I have a functional configuration but I do question whether there may be some gotchas (which should be documented).

What I was able to get working is:

Apache Virtual Host 1
* SSL terminated by HW accelerator
* read/write access to each repository
* Location 1 [SVNParentPath /the-path/svn-parent-loc]
        * All projects covered
* Location 2  [SVNPath  /the-path/svn-parent-loc/project-X]
        * this project is covered by parent path as well
        * Project access/Authorization specific to a special limited user group

Apache Virtual Host 2
* SSL passed directly through to Apache
* client certificate authentication/authorization
* Read-only access for all repositories
* Location 3 [SVNParentPath /the-path/svn-parent-loc]

This does work; I can access all required resources with the appropriate credentials.  Conversely, without appropriate credentials, access is denied to the protected resources.  This was somewhat painful to setup.  I would recommend that a test case of a file move to a different directory be used as sanity check of proper operational behavior.  The SSL accelerator causes the biggest headache of which a file move typically will trigger a failure if the server is misconfigured.  Usually the problem is in the server name (had to specify http://server.x.y instead of https://server.x.y). This last statement assumes you are using a rewrite type rule as the various docs mention to handle the self-referential URL issues produced in this case.  I think various Subversion/Apache documentation gets you close but this last part could use more/improved examples (and maybe corrections).

I do have some concern about access to the same SVN DAV resources being available through multiple virtual hosts and location elements.  It seems possible that caching of various items (meta-data, etc) could cause stale results to get returned in some use cases.  This fear is somewhat driven by the fact that each location element specifies SVN DAV related items.  I have not looked into the mod_dav_svn ,etc to see if there is any intelligent aggregation of duplicated SVNPath info (for example) or whether everything is completely distinct.  My slight uncomfortableness is mitigated by the fact that most resources are not accessed by more than one or 2 users and usually via the same host/location.  In the few use cases where I expect differences in access, if I run into issues I think that various tweaks to cache/timeout type values can further mitigate the chance of stale data impacting  things.  Time will tell on this.  If time ever permits, I will try and review the SVN code myself or try to form some intelligent question for the various related forums/lists.

I don't think posting extra detail is wise in this area but hopefully what I did post may help someone solve a setup issue.