The image shows an architecture diagram. An OCI Region contains an Availaibility Domain, which contains a Fault Domain. A VCN within the region contains a Public Subnet and a Private Subnet. Each Subnet has a Security list.

The Public subnet contains a Load Balancer and a Bastion Service instance.

The Private subnet has two Container Engine for Kubernetes deployments, one an Application Tier (PACS) and one a Database Tier (PostgreSQL). Within the Application Tier are Instance Pools and several Nodes. Within the Database Tier are StackGres and several Nodes. The two Tiers share an Object Storage instance deployed within the VCN.

Outside the VCN, but within the OCI Region, are several managed services: Cloud Guard, DDoS Protection, Encryption, IAM, Logging, and Auditing.

A User connects using WAF through an Internet Gateway on the VCN, through the Load Balancer in the Public Subnet, to the Application Tier.

On-Premises customer equipment connects via FastConnect to a DRG on the VCN.

Also shown on the VCN boundary are a NAT Gateway and a Service Gateway.