arvados (Apache2) defines a DBClient interface with the Arvados database operations, like CollectionList(Context, ListOptions) (CollectionListResponse, error). It also defines a Context interface that adds permission context to context.Context.
rpc (Apache2) implements arvados.DBClient by calling an Arvados controller's http service. It also provides an implementation of arvados.Context that wraps a token so it can be forwarded to the remote.
pgdb implements arvados.DBClient by doing PostgreSQL queries. Enforces permissions, validations, model integrity. It also implements a database-backed arvados.Context.
pgdb/container implements the Container/ContainerRequest methods of pgdb.DBClient. Also: pgdb/collection, pgdb/user, etc.
pgdbrow provides generic functions (used by pgdb/container et al.) to translate between object fields/transformations and SQL rows/statements.
model validates create/update operations (called by pgdb before doing insert/update statements)
federation implements arvados.DBClient by fanning out to multiple arvados.DBClient backends (typically one local and several remotes, to suit cluster config). Federation-unaware APIs fall through to a default pgdb.DBClient.
router maps HTTP requests to actions by checking auth scope and calling the appropriate arvados.DBClient method.
server listens on a port and serves http requests. Handler gets an arvados.Context from the (caller-provided) arvados.DBClient, and passes the request to a Router.
controller reads a cluster config file and starts a server backed by a federation.DBClient.