This reference architecture includes an OCI region with one availability domain and three fault domains.

Outside the OCI region is a customer data center where customers use developer applications and tools. The data center uses a Site-to-Site VPN or FastConnect to connect to a dynamic routing gateway in the OCI region.

Within the OCI region, there is a container registry and one VCN, defined as 10.0.0.0/16. The VCN includes the dynamic routing gateway, an internet gateway, and a service gateway.

Within the VCN are three subnets:
  • Subnet 1: a public subnet, defined as 10.0.1.0/24, contains a Bastion Host in fault domain two.
  • Subnet 2: a private subnet, defined as 10.0.2.0/24, contains an OKE cluster that is spread across all three fault domains.
  • Subnet 3: a private subnet, defined as 10.0.3.0/24, contains an MDS cluster spread across all three fault domains, with the primary in fault domain one and secondaries in fault domains two and three.

Each subnet includes a security list and a route table.
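
The following is an added example, not part of the original architecture description: a pre-deployment check that the subnet plan above is internally consistent (each subnet inside the VCN, no overlaps, no private subnet routed to the internet gateway). The CIDRs and public/private roles come from the text; the subnet names and route targets are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the layout described above. Subnet names and
# route_targets are assumptions; CIDRs and public/private roles are from the text.
VCN_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"name": "subnet1-bastion", "cidr": "10.0.1.0/24", "public": True,
     "route_targets": ["internet_gateway"]},
    {"name": "subnet2-oke", "cidr": "10.0.2.0/24", "public": False,
     "route_targets": ["service_gateway", "drg"]},
    {"name": "subnet3-mds", "cidr": "10.0.3.0/24", "public": False,
     "route_targets": ["service_gateway"]},
]


def audit_layout(vcn_cidr, subnets):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = []
    for s in subnets:
        try:
            # Strict parsing rejects CIDRs with host bits set (e.g. 10.0.1.5/24).
            net = ipaddress.ip_network(s["cidr"])
        except ValueError as exc:
            findings.append(f"{s['name']}: invalid CIDR ({exc})")
            continue
        if not net.subnet_of(vcn):
            findings.append(f"{s['name']}: {net} is outside VCN {vcn}")
        # Flag any private subnet whose route table points at the internet gateway.
        if not s["public"] and "internet_gateway" in s["route_targets"]:
            findings.append(f"{s['name']}: private subnet routes to internet gateway")
        nets.append((s["name"], net))
    # Pairwise overlap check across all validly parsed subnets.
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                findings.append(f"{name_a} overlaps {name_b}")
    return findings


if __name__ == "__main__":
    for line in audit_layout(VCN_CIDR, SUBNETS) or ["layout consistent"]:
        print(line)
```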