This image shows the components that are described in the surrounding text and some of the connections between them.

A VCN is deployed with a public subnet and two private subnets, each spanning three fault domains within one availability domain. Each subnet has a route table and security list. A public subnet contains an active and a standby load balancer, each in their own fault domains. A private subnet contains a Container Engine For Kubernetes cluster with Service Mesh, consisting of an Ingress (Nginx) component and three sets of Front End and Microservices components (one in each fault domain). A second private subnet contains an autonomous database (spanning all three fault domins), containing an Orders PDB and an Inventory PDB.

Outside the VCN, the OCI deployment provides services including DNS, WAF, and DDoS, handling all traffic coming from the public internet and users which is then routed to the load balancers through an Internet Gateway. An Object Storage component contains static HTML and images, accessed from the public internet via a CDN, and also accessed from the OKE cluster through a NAT Gateway.

Users are authenticated via OCI IAM and otherwise access the site through the public internet.