Deploy Cloud Native Applications That Use Oracle MySQL Database Service to the Cloud

Set up a topology in the cloud to deploy containerized, cloud native applications and take advantage of managed, scalable services with the built-in redundancy and resiliency features of Oracle Cloud.

You can use the following services to develop and deploy cloud native applications and to migrate legacy applications to the cloud:

  • Oracle Container Engine for Kubernetes, sometimes abbreviated to OKE, is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use OKE when your development team wants to reliably build, deploy, and manage cloud native applications.

  • Oracle Cloud Infrastructure Registry enables you to use a private Docker registry for internal use, pushing and pulling Docker images to and from the registry using the Docker V2 API and the standard Docker command-line interface (CLI).

  • Oracle MySQL Database Service is a fully managed database service that enables organizations to deploy cloud native applications using the world's most popular open source database. It's 100% developed, managed, and supported by the MySQL team.


This reference architecture has an Oracle Container Engine for Kubernetes cluster, also known as an OKE cluster, Oracle MySQL Database Service, and Oracle Cloud Infrastructure Registry to accommodate developed and deployable cloud native applications.

The following diagram illustrates this reference architecture.

Description of deploy-cloud-native-apps.png follows
Description of the illustration deploy-cloud-native-apps.png

The architecture has the following components:

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

    The bastion host in this architecture is used to access the nodes in the OKE cluster.

  • Container Engine for Kubernetes

    Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.

  • MySQL Database Service

    In this reference architecture, Oracle MySQL Database Service stores the application data.

  • Registry

    Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development-to-production workflow. Registry makes it easy for you to store, share, and manage development artifacts, like Docker images. The highly available and scalable architecture of Oracle Cloud Infrastructure ensures that you can deploy and manage your applications reliably.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • VPN Connect

    VPN Connect provides site-to-site IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.


Use the following recommendations as a starting point to deploy cloud native applications that are using Oracle MySQL Database Service.Your requirements might differ from the architecture described here.
  • Bastion host

    Use the VM.Standard1.1 shape with the latest Oracle Linux operating system.

  • OKE cluster

    Use the Custom Create option from the Console so that you can specify a VCN and subnet for deployment. Create a three-node cluster, and choose VM.Standard2.2 as the shape to start with. For larger deployments, you can use a larger cluster size with a higher Compute shape.

  • Container Registry

    Oracle manages the registry, so you don’t have to choose the size or any other options. We recommend creating a private registry for security best practices.

  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Security list

    Use security lists to define ingress and egress rules that apply to the entire subnet.

    Add ingress rules for TCP ports 3306 (MySQL port) and 33060 (MySQL X Protocol port) to the security list attached to the Oracle MySQL Database Service subnet. Open the relevant ports for the applications deployed on the OKE cluster by adding ingress rules to the security list attached to the OKE cluster. As egress rules to both the security lists to allow outbound traffic.


When deploying cloud native applications with the Oracle MySQL Database Service, consider the cost.

Select the VM shape based on the cores, memory, and network bandwidth that you need for your Oracle MySQL Database Service. You can start with a one-core shape. If you need more performance, memory, or network bandwidth for the database service, you can create a MySQL Database server with a larger shape and restore your database from the backup.

You can also scale up the cores of the VM nodes in your OKE cluster by changing them to a larger VM shape.

Explore More

Learn more about deploying cloud native applications that use Oracle MySQL Database Service to the cloud.

Review these additional resources: