This image shows an Oracle Cloud Infrastructure (OCI) compartment with 3 availability domains and 2 virtual cloud networks (VCNs), with additional resources provided at the compartment level.
3 types of external access to the OCI compartment are shown:
- GitHub code processed with CircleCI is registered with Oracle Cloud Infrastructure Registry.
- Webshops, Client Systems (ERP or SCM), and End Users use a secure socket layer (SSL) connection and an internet gateway which allows access to public subnets.
- Or they use a content delivery network (CDN), AWS Route 53 DNS, with RabbitMQ messaging, and email service connected through a network address translation (NAT) gateway which enables hosts on the internet to access private resources in a VCN without exposing those resources to incoming internet connections.
The compartment provides the following services:
- Web application firewall (WAF)
- Oracle Cloud Infrastructure Identity and Access Management
- Policies and Statements
- Cloud Guard security
- Maximum security zone protection
VCN 1: The Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) VCN provides internet, NAT, and service gateways and the following subnets with security lists and route tables.
- OKE load balancer (LB) endpoint (public subnet): Contains load balancers in availability domains 1 and 2 that handle incoming traffic and hand it off to the OKE internal subnet.
- OKE internal (private subnet): Provides Oracle Container Engine for Kubernetes with the following distributed across all 3 availability domains.
  - E3 Flex virtual machine (VM)
  - Logging agent
  - Node.JS microservices pods
Requests and data coming from the OKE VCN use Oracle Cloud Infrastructure Registry, Key Vault, Oracle Autonomous Transaction Processing, Oracle Autonomous Data Warehouse, Oracle Cloud Infrastructure Object Storage for manual database backup buckets, and Oracle Analytics Cloud at the compartment level.
VCN 2: The Blockchain VCN has a single subnet with a Blockchain primary node VM, and the following resources in an organizational group:
- Console VM
- Certificate authority VM
- REST Proxy VM
- Multiple Peer VMs
- Multiple Orderer VMs
- Channel: Retraced Chaincodes and Ledger