This image shows an Oracle Cloud Infrastructure region that contains an availability domain with one VCN. The VCN has an Internet Gateway, a NAT Gateway, and a Service Gateway. Within the VCN there are two subnets:

• Subnet A is a public subnet that contains a Load Balancer.
• Subnet B is a private subnet that contains a Container Engine for Kubernetes.

Both subnets are available across three fault domains, and both have a route table and a security list.

The Container Engine for Kubernetes has a service to access the application, a custom resource that represents the Autonomous Database, and a deployment of your application with three pods. The Container Engine also includes three worker nodes.

Outside of the VCN, there is an Autonomous Database with High Availability, and a Container Registry.

Inbound traffic flows from the Internet Gateway to the Load Balancer in Subnet A, then to the application service in Subnet B.

In Subnet B, the Worker Nodes on the Container Engine use the Service Gateway to communicate with the Autonomous Database and the Container Registry. The Worker Nodes also use the NAT Gateway to route traffic back to the Internet Gateway.