The image shows a scenario where a user group initiates a GitHub Actions workflow. This workflow sets up and utilizes the OCI Bastion port-forwarding session to establish a connection with a Kubernetes private API endpoint. This endpoint is located within a private subnet, part of an OKE cluster in a VCN.

Another private subnet contains three availability domains with worker nodes, and ingress to the web and services.

A third private subnet contains two load balancers.

This entire OKE cluster connects to both a NAT gateway and on to the Internet, and to a service gateway connecting to an Oracle services network that includes: OCI Audit, OCI Notifications, OCI Logging, OCI Streaming, OCI Vault, and OCI Identity and Access Management.