The image shows on-premises and site-to-site VPN being used to access a dynamic routing gateway into the OCI region. The OCI
region is surrounded by a production virtual cloud network with a service gateway, internet gateway, and network address translation
gateway.
There are two identical availability domains inside the production VCN: a primary, and a secondary for disaster recovery.
The availability domains contain:
- A subnet with two OHS hosts. The OHS hosts in the primary availability domain and disaster recovery availability domain are
connected to a load balancer. This load balancer connects to a web application firewall, which in turn connects using
HTTPS to the internet gateway.
- A private subnet with a private load balancer.
- A private subnet with K8s worker nodes and two K8s pods overlay networks. Within the worker nodes there are OAG agents, OIRI,
OIG, and OAM. This private subnet uses persistent storage replication with the disaster recovery availability domain.
- A private subnet with K8s API endpoints.
- A private subnet with an autonomous database. The autonomous database connects with the disaster recovery availability domain
using Data Guard replication.
An Oracle Services Network resides outside of the production virtual cloud network. The Oracle Services Network comprises
various OCI services, such as Access Governance, OCI IAM, DNS, Bastion Service, OKE, Object Storage, Cloud Guard, and VSS.