The image shows 1 Oracle Cloud Infrastructure (OCI) region with 1 compartment with 3 availability domains, the Impulse Logic network and a retail environment. The region provides the following services:

• Authentication (IAM)
• Oracle Cloud Infrastructure Registry
• Oracle Cloud Infrastructure Object Storage for database backup
• Oracle Cloud Infrastructure Bastion service

Impulse Logic Network: IT users connect to OCI by using a site-to-site VPN. Incoming traffic is routed through a dynamic routing gateway (DRG).

Retailer: Retail employees interact with the retail management system (RMS) which provides data to an on-premises MerchandiseiQ service (MiQ) instance. The MiQ instance, as well and smart devices and retail analysts use REST APIs to interface with OCI through an Internet gateway.

OCI: The compartment contains 1 virtual cloud network (VCN) with the following gateways:

• Internet gateway: Provides communications between public subnets and internet hosts.
• Service gateway: VCNs communicate with services such as object storage over the Oracle network fabric without traversing the internet.
• Dynamic routing gateway (DRG): Provides private connectivity between on-premises networks and VCNs by using Site-to-Site VPN or FastConnect. A DRG can also route traffic between VCNs for remote peering.

The VCN includes 3 subnets, each of which provides a security list and a route table:

• Load balancer public subnet: Contains load balancers in availability domains 1 and 2 that manages REST API traffic from the retailer environment to the SLiQ application and worker nodes in the OKE namespace.
• OKE private subnet: Contains Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster with a single namespace. The cluster provides 3 OKE SLiQ management nodes, one in each availability domain, and an instance of MiQ on OCI. Incoming traffic from the Impulse Logic network comes in through the DRG and is validated by the Bastion service before being handled by the OKE SLiQ management nodes.

  The MiQ on OCI instance interfaces with the OKE namespace that contains the following SLiQ application OKE worker nodes: machine learning, user service, web/mobile app interface, product service, and store service.

• Database Subnet: Provides Oracle Autonomous Transaction Processing which communicates with the namespace and MiQ instance in the OKE cluster and with object storage by using the service gateway.