The image shows an Oracle Cloud Infrastructure (OCI) region that contains a GitHub code repository, a single availability domain, a virtual cloud network (VCN) and on public and one private subnet. The availability domain comprises three fault domains, Fault Domain 1, Fault Domain 2, and Fault Domain 3. The region's VCN and both subnets span the availability domain and all three fault domains. Access to the VCN from the region is through either an Internet Gateway, a NAT Gateway or a Service Gateway. A Container Registry resides on the border of the region and the VCN. Access to each subnet is controlled by a routing table and a security list.

Subnet A, the public subnet, contains a single load balancer, which resides in Fault Domain 2 and communicates bidirectionally with the GitHub code repository through the Internet Gateway.

Subnet B, the private subnet, contains a Container Engine for Kubernetes (OKE) instance, which itself contains an instance of Argo CD Server Service, an Argo namespace and namespaces for two associate applications. It also contains four Argo insances, each associated with its own Kubernetes pod. Three worker nodes span the Argo namespace and Fault Domain 1.

The load balancer directs inbound traffic from the GitHub code repository to an Argo CD server service. The Argo instances communicate bidirectionally with the NAT gateway, though which traffic flows to the Internet gateway and then between the GitHub code repository and the load balancer. Traffic also flows bidirectionally bewteen the Argo instances and the Service gateway. Traffic also flows bidirectionally between Service gateway and the worker nodes on the OKE and fault domain border and between the Service gateway and the Container Registry.