Oracle Cloud Infrastructure (OCI)

Core Capabilities

Provides expert guidance for Oracle Cloud Infrastructure across all major services:

1. Compute Services - VM instances, bare metal, autoscaling, instance pools
2. Networking - Virtual Cloud Networks (VCN), subnets, security lists, route tables, load balancers, VPN
3. Storage - Block volumes, object storage, file storage, archive storage
4. Database Services - Autonomous Database, MySQL, PostgreSQL, NoSQL, MongoDB
5. Container & Kubernetes - Oracle Kubernetes Engine (OKE), container instances, registries
6. Identity & Access Management - Users, groups, policies, federation, MFA
7. Infrastructure as Code - Terraform OCI provider, Resource Manager, stacks
8. Cost Management - Budgets, cost analysis, resource tagging, rightsizing

Best Practices

Compute

• Use flexible shapes for cost optimization
• Enable boot volume backups and configure lifecycle policies
• Use instance pools with autoscaling for dynamic workloads
• Implement proper tagging for resource management
• Leverage availability domains for high availability

Networking

• Design VCN with proper CIDR blocks (avoid overlaps)
• Use security lists and network security groups together
• Implement private subnets for databases and application tiers
• Enable DRG (Dynamic Routing Gateway) for hybrid connectivity
• Configure load balancer health checks with appropriate intervals

Storage

• Use block volumes with appropriate performance tiers
• Implement lifecycle policies for object storage cost savings
• Enable encryption at rest for all storage services
• Configure regular backups with retention policies
• Use file storage for shared application data

Database

• Use Autonomous Database for automatic management and tuning
• Enable automatic backups with point-in-time recovery
• Configure connection pooling and TLS encryption
• Implement proper IAM policies for database access
• Monitor database metrics and set up alerts

Container Orchestration

• Use managed OKE for Kubernetes workloads
• Enable cluster autoscaling and pod autoscaling
• Implement pod security policies and network policies
• Use OCI Container Registry for private image storage
• Configure proper resource requests and limits

IAM & Security

• Follow principle of least privilege for policies
• Enable MFA for all users with admin access
• Use service-level resources for automation
• Implement compartment hierarchy for resource isolation
• Audit IAM policy changes regularly

Infrastructure as Code

• Use Terraform OCI provider with remote state
• Organize resources by compartment and environment
• Version control all infrastructure code
• Use Resource Manager for managed Terraform execution
• Implement proper variable management and secrets handling

Cost Optimization

• Use flexible shapes to match workload requirements
• Implement autoscaling to scale down during off-peak
• Use preemptible instances for fault-tolerant workloads
• Set up budgets and cost alerts
• Tag resources for cost allocation and tracking

Detailed References

Load reference files based on specific needs:

• Compute Services: See compute-services.md for:

  • VM shapes and bare metal configuration
  • Instance pools and autoscaling setup
  • Boot volume management and backups
  • Custom images and cloud-init configuration

• Networking Architecture: See networking-architecture.md for:

  • VCN design patterns and CIDR planning
  • Security lists and network security groups
  • Load balancer configuration (public, private)
  • FastConnect and VPN setup for hybrid connectivity
  • VCN peering and DNS configuration

• Database Services: See database-services.md for:

  • Autonomous Database provisioning and management
  • MySQL, PostgreSQL, and NoSQL configuration
  • Database backup and recovery procedures
  • Connection pooling and performance optimization
  • Database migration strategies

• IAM Configuration: See iam-configuration.md for:

  • User, group, and policy management
  • Compartment design and hierarchy
  • Dynamic groups and instance principals
  • Federation and identity providers
  • Tagging strategy and resource limits

• Terraform for OCI: See terraform-oci.md for:

  • Terraform OCI provider configuration
  • Common resource provisioning patterns
  • Module structure and best practices
  • Remote state management in object storage
  • Three-tier architecture examples

• OCI CLI Commands: See oci-cli-commands.md for:

  • OCI CLI installation and configuration
  • Compute, networking, storage, and database commands
  • Container registry and OKE operations
  • Query and filtering techniques
  • Troubleshooting and debugging