This image shows the distributed architecture for deploying GitLab to enable CI/CD pipelines on OCI. It shows a single availability domain within an OCI region. Within this availability domain are two public subnets and a single private subnet. All three subnets are protected by a virtual cloud network (VCN).

The public subnets are addressed 10.0.0.0/24 and 10.0.1.0/24. Public subnet 10.0.0.0/24 contains a bastion server and public subnet 10.0.1.0/24 contains a load balancer. Both public subnets can access the cloud, outside the VCN, through an Internet Gateway.

The private subnet, addressed 10.0.2.0/24, contains:
  • Two GitLab servers,
  • A Gitaly x2 server,
  • A Prometheus + Grafana server,
  • A Postgres database,
  • Three GitLab runners, and
  • A Redis server.
One GitLab server connects to the bastion server in the public subnet; both also connect to the load balancer. The Gitaly server accesses the cloud via a NAT gateway, while the Prometheus + Grafana server uses a service gateway to access object storage external to the VCN. This object storage holds such data as backups, artifacts, external diffs, LFS uploads, packages, dependency proxies, and Terraform state pages.