Oracle Cloud Functions Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Application Development

1. Introduction

Oracle Cloud Functions is Oracle Cloud Infrastructure (OCI) serverless “Function as a Service” (FaaS). You write small pieces of code (functions), package them as container images, deploy them to OCI, and run them on-demand without managing servers.

In simple terms: you deploy code, OCI runs it when triggered, and you pay primarily for execution (plus any related services you use). Functions is a good fit for event-driven automation, API backends, data processing, and glue logic between OCI services.

Technically, OCI Functions is built around the idea that every function is a container-based workload managed by OCI. You develop using supported runtimes (and/or custom container images), push function images to OCI Container Registry (OCIR), and OCI runs those images in a managed environment that scales with demand (within service limits). Functions integrates with OCI IAM, VCN networking, Logging, Monitoring, Events, and API Gateway.

What problem it solves: it removes the need to provision and manage servers (or Kubernetes) for short-lived, bursty, event-driven compute. It also provides a clean operational model: standardized deployment, centralized policy control, built-in observability integrations, and predictable cost drivers.

Service name note: In Oracle documentation and the OCI Console, this service is commonly referred to as OCI Functions. The primary service name used in this tutorial is Functions, and it is an active OCI service. Verify any recent naming or feature changes in the official docs: https://docs.oracle.com/iaas/Content/Functions/home.htm

2. What is Functions?

Official purpose (in OCI terms): Functions is a managed serverless compute service on Oracle Cloud that lets you run code in response to events or direct invocations, without managing infrastructure. You deploy functions and OCI handles scheduling, scaling, and execution.

Core capabilities

Run code on demand via direct invocation (CLI/SDK/API), event triggers, or API front-ends (for example, OCI API Gateway).
Package and deploy as container images, typically stored in OCI Container Registry (OCIR).
Integrate with OCI IAM for access control, and use OCI-native identity patterns to call other OCI services.
Connect to your VCN: functions run attached to subnets you choose, enabling access to private resources (databases, private endpoints).
Observability hooks with OCI Logging and Monitoring (metrics).

Major components (how you think about it in OCI)

Application: a logical grouping of functions with shared configuration, including the VCN subnet(s) that functions run in.
Function: the deployable unit; references a container image, runtime configuration (such as memory/timeout), and environment/config variables.
OCIR (Container Registry): typically stores the container images for functions.
Invoke endpoint: a service endpoint used for invoking functions (often via signed requests).
IAM policies: control who can deploy, update, and invoke functions.
Networking resources: VCN, subnets, route tables, gateways depending on whether your function needs outbound internet or private-only access.
Logging/Monitoring: logs and metrics for operations teams.

Service type and scope

Service type: managed serverless compute (FaaS) using container images.
Scope: Functions resources (applications/functions) are created within an OCI region and scoped by compartment (standard OCI governance model).
Functions are regional resources (region-specific).
Network attachment is to regional VCN subnets.
IAM policies can be tenancy-wide and/or compartment-scoped.

How it fits into the Oracle Cloud ecosystem

Functions is part of OCI’s Application Development toolset and is commonly used with: – API Gateway to expose functions as HTTP APIs – Events to trigger functions on OCI resource changes – Object Storage for data ingestion and processing – Streaming for event-driven pipelines – Autonomous Database / MySQL Database Service for data persistence – Vault for secrets management – Logging / Monitoring / Audit for operations and security governance

Official docs entry point: https://docs.oracle.com/iaas/Content/Functions/home.htm

3. Why use Functions?

Business reasons

Faster time-to-value: focus on application logic instead of server provisioning and patching.
Pay-for-use model: a good fit when workloads are spiky, periodic, or unpredictable.
Shorter delivery cycles: small functions encourage incremental delivery and easier change management.

Technical reasons

Event-driven design: functions naturally support reactive systems (process an event, transform data, call an API, update a database).
Container-based packaging: consistent dev/prod behavior and support for custom dependencies (within service constraints).
Simple integration patterns: Functions fits well as “glue code” between OCI services.

Operational reasons

Reduced ops overhead: no server fleet, no cluster management, fewer patch cycles.
Standardized deployments: function deployments are consistent artifacts (container images).
Built-in observability integration: integrate logs/metrics into OCI’s operations ecosystem.

Security / compliance reasons

IAM-controlled access: explicit policies for deployment and invocation.
Network boundary controls: run functions inside your VCN subnets to reach private services.
Auditable operations: OCI Audit can record API operations (verify what’s captured in your tenancy’s Audit configuration).

Scalability / performance reasons

Automatic scaling: functions scale based on demand, within service limits and quotas.
Concurrency without pre-provisioning: ideal when bursts happen and you don’t want idle servers.

When teams should choose Functions

Choose Functions when: – Work is short-lived and can finish within function time limits. – You want event-driven automation (e.g., object uploaded → process → store results). – You’re building API backends with API Gateway in front. – You need private VCN access without running a full container platform.

When teams should not choose it

Avoid (or carefully evaluate) Functions when: – Workloads are long-running, CPU-heavy, or require specialized hardware. – You need stateful services (functions should be stateless; externalize state). – You require very low and consistent latency (cold starts may matter). – You need deep control over OS/kernel, or long-lived connections not well-suited to FaaS patterns. – You have very high, constant throughput where a steady container service may be more cost-effective (evaluate OCI Container Instances, OKE, or Compute).

4. Where is Functions used?

Industries

SaaS and ISVs building multi-tenant backends
Finance for automation, reporting pipelines, and event-driven governance (with careful security controls)
Retail/e-commerce for image processing, notifications, and order event handling
Media for transcoding triggers and metadata extraction (often paired with specialized services)
Enterprise IT for operational automation and workflow glue

Team types

Application development teams building APIs and microservices
Platform/DevOps teams automating provisioning and policy tasks
Data engineering teams building event-driven pipelines
Security teams implementing compliance automation (detect → respond workflows)

Workloads

Webhook receivers and lightweight APIs
Data transformations, enrichment, and validation
Scheduled jobs (often via an external scheduler pattern, or event-based triggers)
File processing pipelines
Infrastructure automation triggers

Architectures

Event-driven architectures (EDA)
Microservices architectures (functions as edge handlers or adapters)
Hybrid patterns: functions connecting on-prem or private cloud to OCI via VPN/FastConnect (network design permitting)

Real-world deployment contexts

Production: event processing, API backends, operations automation, data pipeline steps
Dev/test: rapid prototypes, integration testing hooks, sandbox automation
Internal tooling: chatops responders, ticket automation, periodic data snapshots

5. Top Use Cases and Scenarios

Below are realistic use cases where Oracle Cloud Functions is commonly a good fit. Each includes the problem, why Functions fits, and a short scenario.

1) Object Storage file processing (ETL trigger)

Problem: You need to process files immediately when they land in Object Storage (validate, transform, extract metadata).
Why Functions fits: short-lived, event-driven processing is a classic FaaS pattern.
Example: A CSV uploaded to an Object Storage bucket triggers a function that validates schema and writes results into a database.

2) Image resizing and thumbnail generation

Problem: Your app needs thumbnails for uploaded images.
Why Functions fits: easy to scale per upload; no need for a permanently running service.
Example: When a user uploads a product image, a function generates thumbnails and stores them back to Object Storage.

3) API backend for lightweight endpoints (with API Gateway)

Problem: You need a small REST endpoint without managing servers.
Why Functions fits: pair with API Gateway for routing, auth, and throttling.
Example: /health, /lookup, /quote, /webhook endpoints implemented as functions.

4) Event-driven notifications

Problem: Send notifications when something changes in your system.
Why Functions fits: functions can react to events and call email/SMS/chat integrations.
Example: A database update triggers an event pipeline that invokes a function to post a message into a chat channel.

5) Security response automation

Problem: Respond quickly to policy violations or suspicious activity.
Why Functions fits: implement automated remediation steps with least privilege.
Example: A detection event triggers a function that tags a resource, opens a ticket, and disables public access (where appropriate).

6) Scheduled maintenance automation (external trigger pattern)

Problem: You need periodic tasks like cleanup, report generation, and reconciliation.
Why Functions fits: tasks run briefly and predictably.
Example: A scheduled trigger invokes a function nightly to archive logs or delete expired temporary objects.

7) Data enrichment for streaming events

Problem: You ingest events and must enrich them before storage.
Why Functions fits: stateless enrichment is a natural function workload.
Example: Events are read from Streaming; a function enriches them with lookup data and forwards results to another system.

8) Webhook receiver for SaaS integrations

Problem: Receive webhooks from external systems (payment provider, CRM, Git).
Why Functions fits: bursty inbound traffic, minimal API surface.
Example: Payment provider sends webhook events; function validates signature and posts to your internal event bus.

9) “Glue” for multi-service workflows

Problem: Integrate several OCI services (Object Storage → AI service → DB).
Why Functions fits: glue logic is typically small, stateless, and event-driven.
Example: A document uploaded triggers OCR processing; results are saved to Object Storage and indexed into a search system.

10) DevOps automation hooks

Problem: Trigger tasks from CI/CD events (tag image, update config, run smoke test).
Why Functions fits: reactive automation that scales with pipeline events.
Example: A build completion event triggers a function that writes a deployment record and updates a dashboard.

11) Lightweight authentication/authorization adapter (edge logic)

Problem: You must implement custom token checks or request enrichment.
Why Functions fits: small request pre-processing steps can be functions behind API Gateway.
Example: API Gateway routes to a function that validates a custom header and forwards to a backend service.

12) Multi-tenant metering / usage aggregation

Problem: Aggregate tenant usage events into daily summaries.
Why Functions fits: periodic aggregation jobs with bursty compute.
Example: A function processes daily usage files and stores summarized billing metrics.

6. Core Features

Functions capabilities evolve over time; verify the latest details in the official documentation. The following are core, commonly used features of Oracle Cloud Functions today.

1) Serverless execution of functions (FaaS)

What it does: runs your function code on-demand in a managed environment.
Why it matters: you don’t manage servers or clusters for these workloads.
Practical benefit: faster delivery with fewer operational tasks.
Caveats: functions have execution limits (timeout, memory, payload sizes). Verify service limits in official docs.

2) Container-image-based packaging (typically via OCIR)

What it does: functions are packaged as container images and executed by the service.
Why it matters: consistent packaging, dependency control, and better parity between environments.
Practical benefit: use language dependencies and system packages within supported constraints.
Caveats: image sizes and build practices affect cold start and deployment time; registry access requires correct networking.

3) Applications as a deployment boundary (shared configuration)

What it does: groups functions under an application with shared config (including subnet attachments).
Why it matters: it’s the primary way to manage network placement and shared settings.
Practical benefit: consistent network policy and configuration across a group of functions.
Caveats: designing applications too broadly can complicate permissions and networking; too narrowly can increase management overhead.

4) VCN networking integration

What it does: places function execution into your selected VCN subnet(s).
Why it matters: you can reach private resources such as databases in private subnets.
Practical benefit: keep traffic private and controlled.
Caveats: if your functions need to pull images from OCIR or call public endpoints, your subnet routing must allow it (e.g., Internet Gateway for public subnet, or NAT/Service Gateway patterns for private subnets). Exact requirements depend on your architecture—verify in official docs.

5) IAM-based access control (deploy, manage, invoke)

What it does: uses OCI IAM policies to control administrative and invocation actions.
Why it matters: supports least-privilege governance.
Practical benefit: separate duties across developers, operators, and security teams.
Caveats: misconfigured policies are a common cause of deployment failures; plan policies early.

6) Configuration via environment variables (application/function config)

What it does: lets you set configuration variables at app or function level.
Why it matters: supports twelve-factor principles (config separated from code).
Practical benefit: promote the same image across environments with different configs.
Caveats: don’t store secrets as plain config; use Vault or appropriate secret patterns.

7) Logging and metrics integration

What it does: integrates with OCI observability services for logs and metrics.
Why it matters: production operations require consistent observability.
Practical benefit: troubleshoot failures, measure latency, track error rates, and set alerts.
Caveats: logging volume can become a cost driver; implement structured logging and log sampling where appropriate.

8) Event-driven invocation patterns (with OCI services)

What it does: functions can be invoked via OCI-native eventing patterns (for example OCI Events) and other services that can call Functions.
Why it matters: enables reactive architectures.
Practical benefit: build “if-this-then-that” automation at cloud scale.
Caveats: event delivery semantics, retries, and ordering depend on the triggering service; design functions to be idempotent.

9) Multi-runtime development via tooling (Fn-based workflow)

What it does: supports development workflows using Fn tooling and/or custom containers.
Why it matters: reduces friction to build and deploy functions.
Practical benefit: local development patterns and repeatable builds.
Caveats: tooling versions matter; align your fn CLI version with supported workflows in OCI docs.

7. Architecture and How It Works

High-level service architecture

At a high level, Oracle Cloud Functions works like this:

You write code and package it as a container image (often using supported Function Development Kit patterns and the fn CLI).
You push the image to OCI Container Registry (OCIR).
You create an Application in Functions and attach it to one or more VCN subnets.
You deploy Functions into the Application (each function references an image in OCIR).
Invocations arrive (direct, via API Gateway, or via events).
OCI runs the container image for your function and returns a response (or processes the event).

Request / data / control flow

Control plane: create/update apps and functions via OCI Console, CLI, or APIs; IAM policies govern these operations.
Data plane: function invocation traffic flows through the Functions invoke endpoint; function execution occurs in your specified subnet(s); function then calls other services (databases, Object Storage, external APIs) as needed.

Integrations with related OCI services (common patterns)

API Gateway → Functions: publish HTTP endpoints with routing and auth in front.
Events → Functions: respond to OCI resource events.
Object Storage → Events → Functions: process uploads/changes.
Streaming / Service Connector Hub → Functions: build streaming pipelines and transformations.
Vault → Functions: retrieve secrets securely (implementation pattern depends on your security model).
Logging / Monitoring / Alarms: operational visibility and alerting.

Dependency services you should plan for

OCI Container Registry (OCIR): store function images.
VCN networking: subnets and routing to allow necessary connectivity (registry access, external calls, private service endpoints).
IAM: policies for users/groups and for runtime identities (if functions call other OCI services).
Logging/Monitoring: set up log groups and alarms for production.

Security / authentication model (conceptual)

Admin actions (create/deploy): authorized by OCI IAM policies assigned to users/groups (or dynamic groups for automation).
Invocation: can be authenticated/authorized using OCI request signing (common for internal service-to-service invocation), or fronted by API Gateway which can handle external authentication patterns.
Calling other OCI services from a function: commonly done using OCI SDKs and an OCI-native identity pattern (for example, a resource identity approach such as resource principals). Exact configuration is security-sensitive—verify recommended approaches in official docs.

Networking model (how to reason about it)

Functions execute inside your VCN subnet(s).
If the function must:
Pull its container image from OCIR, and/or
Send logs/metrics, and/or
Call public APIs
then the subnet must have appropriate egress connectivity (public subnet with Internet Gateway, or private subnet with NAT/Service Gateway as appropriate).

Design tip: Prefer private subnets for production and explicitly design egress via NAT/Service Gateway patterns. Use public subnets only when you have a clear reason and strong controls.

Monitoring / logging / governance considerations

Use structured logging and include request IDs/correlation IDs.
Monitor:
invocation count
error count
latency/duration
throttling and timeouts (where exposed)
Apply consistent tagging (cost center, environment, owner).
Enforce least privilege IAM policies and compartment boundaries.

Simple architecture diagram (Mermaid)

flowchart LR
  Dev[Developer laptop] -->|fn deploy| OCIR[OCI Container Registry (OCIR)]
  OCIR --> Functions[Oracle Cloud Functions\n(Application + Function)]
  Client[Internal client/CLI/SDK] -->|invoke| Functions
  Functions --> Logs[OCI Logging]

Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph Internet
    User[End User / Partner System]
  end

  subgraph OCI_Region[OCI Region]
    APIGW[OCI API Gateway]
    EVT[OCI Events]
    OBJ[OCI Object Storage]
    OCIR[OCI Container Registry (OCIR)]
    LOG[OCI Logging]
    MON[OCI Monitoring/Alarms]
    VAULT[OCI Vault]

    subgraph VCN[Customer VCN]
      subgraph AppSubnet[Functions Subnet(s)]
        FN[Functions\n(Applications + Functions)]
      end
      DB[(Private Database)]
      NAT[NAT Gateway or egress pattern\n(architecture-specific)]
    end
  end

  User -->|HTTPS| APIGW -->|Function backend| FN
  OBJ -->|Object change| EVT -->|Trigger| FN
  FN -->|Pull image| OCIR
  FN -->|Write logs| LOG
  LOG --> MON
  FN -->|Fetch secrets (pattern)| VAULT
  FN -->|Private access| DB
  FN -->|Outbound calls| NAT

8. Prerequisites

This tutorial includes a hands-on lab. Before you start, make sure you have the following.

OCI account / tenancy requirements

An Oracle Cloud account with access to OCI Console.
A compartment where you can create:
VCN resources (VCN, subnets, gateways as needed)
Functions application and functions
OCIR repositories (or permission to push images)

Permissions / IAM requirements

You need OCI IAM permissions that cover: – Functions resources (applications/functions) – Networking resources (VCN/subnets) – OCIR (Container Registry) repositories for pushing images – Logging resources if your workflow requires creating log groups

OCI IAM policies differ by organization. Start by reviewing the official documentation for required policy statements and adjust for least privilege: – Functions docs: https://docs.oracle.com/iaas/Content/Functions/home.htm – IAM docs: https://docs.oracle.com/iaas/Content/Identity/home.htm

If you’re in a locked-down enterprise tenancy, coordinate with your OCI administrators to provision: – a compartment – a group + policies (or dynamic group if automation uses instance/resource identities) – access to OCIR and necessary networking

Billing requirements

A billing-enabled tenancy is typically required for non-free usage.
If you’re using OCI Free Tier or Always Free resources, verify eligibility and what Functions usage is included (if any) in the official pricing pages. Do not assume free invocations without verifying.

Tools you’ll need on your workstation

Docker (for building/pushing function images)
Fn CLI (fn) for building/deploying/invoking functions using the standard workflow
OCI CLI (oci) for account setup/verification (optional but helpful)
A code editor (VS Code or similar)
Runtime tooling for your chosen language (this lab uses Python)

Tooling and setup vary by OS; follow official installation instructions: – OCI CLI: https://docs.oracle.com/iaas/Content/API/SDKDocs/cliinstall.htm – Fn Project CLI (upstream): https://fnproject.io/ (verify current instructions) – Docker: https://docs.docker.com/get-docker/

Region availability

Functions availability varies by region. Verify via OCI region/service availability information:
OCI regions overview: https://www.oracle.com/cloud/regions/
OCI Console also shows service availability per region.

Quotas / limits

Functions and related services have limits (for example: number of applications, function memory/timeouts, image sizes, concurrency). Also, your tenancy may have quotas. – In OCI Console, check Limits, Quotas and Usage. – Verify limits in the Functions documentation (service limits page): https://docs.oracle.com/iaas/Content/Functions/home.htm (navigate to limits)

Prerequisite services

OCI Container Registry (OCIR) access
VCN subnet(s) for the Functions application
(Optional) API Gateway if you want to publish a public HTTP endpoint

9. Pricing / Cost

Pricing changes over time and can differ by region and contract. Use official Oracle pricing sources for current rates and always validate with the cost estimator.

Current pricing model (high-level)

Oracle Cloud Functions pricing is typically driven by: – Number of function invocations (requests) – Execution duration (how long your function runs) – Memory allocated (execution cost often scales with allocated memory and duration) – Possibly other execution-related dimensions depending on current OCI pricing terms

Because exact SKUs and rates can vary, use these official sources: – Oracle Cloud Pricing overview: https://www.oracle.com/cloud/pricing/ – Oracle Cloud price list: https://www.oracle.com/cloud/price-list/ – Oracle Cloud Cost Estimator: https://www.oracle.com/cloud/costestimator.html

Free tier considerations

OCI Free Tier and Always Free offerings vary by service and region. – Do not assume that Functions invocations are Always Free. – Check the current Oracle Free Tier page and Functions pricing pages for what is included: – Free Tier: https://www.oracle.com/cloud/free/

Cost drivers (what increases your bill)

Direct cost drivers: – High invocation volume (e.g., high-traffic APIs) – Long-running functions (slow code, waiting on external calls) – Over-allocating memory for functions that don’t need it

Indirect/hidden cost drivers: – API Gateway costs if you front functions with API Gateway – OCIR storage for container images and retention policies – Logging ingestion and retention costs if you log excessively – Network egress costs if functions call external internet endpoints or move large payloads out of OCI – Data access costs in downstream services (Object Storage reads, database consumption, streaming throughput)

Network and data transfer implications

If your function moves data between OCI regions, or sends data to the public internet, egress charges may apply.
If your function runs in a private subnet and uses NAT, the architecture can influence routing and egress patterns. Design intentionally:
Keep traffic within OCI where possible
Avoid unnecessary large payloads in function responses

How to optimize cost

Right-size memory: use the smallest memory setting that meets performance needs.
Reduce duration:
optimize code paths
reuse connections where supported
avoid unnecessary cold starts (keep images small)
Control logging volume:
log errors and key events
avoid logging large payloads
Prefer event payload references (object name, OCID) over raw blobs.
Consider alternatives for constant heavy workloads:
OCI Container Instances, OKE, or Compute may be cheaper for steady-state traffic.

Example low-cost starter estimate (method, not fabricated numbers)

A simple way to estimate: 1. Determine monthly invocations (e.g., N requests/month) 2. Measure average duration (seconds) 3. Choose memory setting (GB) 4. Compute GB-seconds = N * duration_seconds * memory_GB 5. Add: – API Gateway (if used) – logging ingestion/retention – OCIR storage – network egress

Then plug the usage into the OCI cost estimator: https://www.oracle.com/cloud/costestimator.html

Example production cost considerations

In production, the biggest surprises are usually: – API endpoints with unexpectedly high traffic (requests explode) – slow downstream dependencies (duration increases) – verbose logs at scale (logging becomes non-trivial) – data egress (especially if functions call external SaaS APIs with large payloads)

Recommendation: implement budget alerts and monitor invocation/error metrics early, even in pre-production.

10. Step-by-Step Hands-On Tutorial

This lab deploys a small Python function to Oracle Cloud Functions using a standard container-based workflow and invokes it to verify it works.

Objective

Deploy and invoke a simple “hello” function on Oracle Cloud Functions (OCI Functions) with minimal infrastructure and cost.

Lab Overview

You will: 1. Prepare OCIR authentication (so your workstation can push images) 2. Create a VCN subnet and a Functions application 3. Install/configure Fn CLI context for OCI 4. Create a Python function locally 5. Deploy the function to OCI (push image to OCIR, create/update function) 6. Invoke the function and validate the output 7. Clean up resources to avoid ongoing costs

Step 1: Choose a compartment and region

In the OCI Console, select the region you want to use (top navigation).
Navigate to Identity & Security → Compartments.
Choose an existing compartment (recommended) or create a new one (if permitted).

Expected outcome: You have a target compartment and region for all lab resources.

Verification: – You can view the compartment OCID (click the compartment → copy OCID).

Step 2: Create (or select) a VCN and subnet for Functions

Functions applications must be associated with subnet(s). For a beginner lab, a public subnet is the simplest path, but for production you usually prefer private subnets with controlled egress.

Option A (simplest lab): Create a VCN with a public subnet 1. Go to Networking → Virtual Cloud Networks. 2. Click Create VCN. 3. Choose VCN with Internet Connectivity (wording may differ by console version). 4. Provide: – VCN name (e.g., functions-lab-vcn) – Compartment 5. Create.

This typically creates: – VCN – Internet Gateway – Route tables – Public subnet

Expected outcome: You have a VCN and at least one subnet suitable for attaching to a Functions application.

Verification: – Open the subnet and copy the Subnet OCID (you’ll need it).

Production note (important): For production, design private subnets and use NAT/Service Gateway patterns as recommended by OCI. The exact required egress for OCIR access depends on your network design; verify in official docs.

Step 3: Create a Functions Application (Console)

Go to Developer Services → Functions (console navigation can vary; search for “Functions”).
Click Applications → Create Application.
Provide: – Name: functions-lab-app – Compartment: your chosen compartment – VCN: select your lab VCN – Subnet(s): select the subnet OCID from Step 2
Create.

Expected outcome: An application exists and shows an invoke endpoint in the application details.

Verification: – Open the application details page. – Confirm the application lists the subnet(s) and shows an invoke endpoint.

Step 4: Prepare OCIR authentication (Auth Token)

To deploy functions, you will push container images to OCIR. A common approach is to use an Auth Token for your OCI user.

In OCI Console, go to Identity & Security → Users.
Open your user.
Find Auth Tokens and generate a new token (name it like functions-lab-token).
Copy the token value immediately (you won’t see it again).

You also need: – Your tenancy namespace (OCIR namespace) – Your region key for the registry endpoint

Where to find OCIR details: – Go to Developer Services → Container Registry. – Identify the OCIR endpoint and namespace shown in your tenancy/region.

Expected outcome: You have an auth token and the OCIR endpoint components needed for docker login.

Verification: You have these values written down: – REGION_KEY (example formats vary by region) – TENANCY_NAMESPACE – OCI_USERNAME (your OCI username, sometimes an email) – AUTH_TOKEN

If you’re unsure about the correct OCIR endpoint format for your region, verify in the OCI Console Container Registry page or official docs. Avoid copying example endpoints blindly across regions.

Step 5: Install and verify local tools (Docker + Fn CLI)

On your workstation:

Verify Docker:

docker --version
docker ps

Verify Fn CLI:

fn version

If fn is not installed, install it using the official Fn Project instructions and then re-check fn version: https://fnproject.io/ (verify latest steps)

Expected outcome: Both Docker and Fn CLI are installed and runnable.

Verification: Commands return versions without errors.

Step 6: Docker login to OCIR

Use docker login to authenticate to OCIR.

General pattern (verify exact endpoint in your tenancy/region):

docker login <region-key>.ocir.io

Username format commonly follows:

<tenancy-namespace>/<oci-username>

Example (replace placeholders with your values):

export REGION_KEY="<your_region_key>"
export OCIR_ENDPOINT="${REGION_KEY}.ocir.io"
export TENANCY_NAMESPACE="<your_tenancy_namespace>"
export OCI_USERNAME="<your_oci_username>"

docker login "${OCIR_ENDPOINT}" \
  --username "${TENANCY_NAMESPACE}/${OCI_USERNAME}" \
  --password "<your_auth_token>"

Expected outcome: Docker reports Login Succeeded.

Verification: – If login succeeds, Docker can push images to OCIR.

Common error: – unauthorized: authentication required → wrong username format or wrong token. Re-check token, namespace, endpoint.

Step 7: Configure Fn CLI context for Oracle Cloud Functions

Fn CLI uses a context to know: – which provider (Oracle) – which Functions API endpoint to use – which OCIR registry to push images to – which compartment to deploy into

You will need: – Compartment OCID (from Step 1) – Functions API endpoint for your region (see application details / docs) – Registry path

Create a context (replace placeholders; verify API URL for your region in official docs or application details):

fn create context oci-lab --provider oracle
fn use context oci-lab

Set required context values (names can vary slightly by Fn/OCI integration version; verify in official docs if a command fails):

# OCI CLI profile name (commonly DEFAULT if you configured ~/.oci/config)
fn update context oracle.profile DEFAULT

# Compartment OCID where the Functions app exists
fn update context oracle.compartment-id "<your_compartment_ocid>"

# Registry where images will be pushed (OCIR)
fn update context registry "${OCIR_ENDPOINT}/${TENANCY_NAMESPACE}/functions"

# Functions API URL (region-specific) - verify the correct endpoint in official docs
fn update context api-url "https://functions.<your-region-identifier>.oci.oraclecloud.com"

If you have trouble determining the correct Functions API URL, verify in the official Functions documentation or the OCI Console for your region. Do not guess the endpoint.

Expected outcome: Fn context is configured for Oracle.

Verification:

fn list apps

You should see your functions-lab-app listed (if permissions are correct and the endpoint is correct).

Step 8: Create a Python function locally

Create a new directory and initialize a function:

mkdir -p oci-functions-lab
cd oci-functions-lab

fn init --runtime python hello-fn
cd hello-fn

Review the generated files. You should see files like func.py and func.yaml (exact names depend on templates).
Optionally edit the function to return JSON. A simple pattern might look like this (keep it minimal and compatible with your generated template). For example:

# func.py
import io
import json

def handler(ctx, data: io.BytesIO=None):
    name = "world"
    try:
        body = json.loads(data.getvalue().decode("utf-8")) if data else {}
        name = body.get("name", name)
    except Exception:
        pass

    return {
        "message": f"Hello, {name} from Oracle Cloud Functions!"
    }

Expected outcome: You have a function project ready to deploy.

Verification: – The folder contains a func.yaml and your handler file. – You can commit this to git (optional) for change tracking.

Step 9: Deploy the function to your Functions application

Deploy using Fn CLI, targeting the application you created earlier.

From inside the function directory:

fn deploy --app functions-lab-app

What typically happens: – Fn builds a container image locally – pushes the image to OCIR – creates/updates the function in your OCI application

Expected outcome: The deploy completes successfully and prints a function OCID or deploy summary.

Verification (Console): 1. Open Developer Services → Functions → Applications → functions-lab-app 2. Confirm a function named hello-fn appears.

Common errors and fixes: – Permission denied (OCIR push): ensure your user/group has permission to manage/push to Container Registry repositories and that Docker login succeeded. – Network/image pull issues at runtime: confirm subnet routing allows access to OCIR and required OCI endpoints (architecture-specific).

Step 10: Invoke the function

You can invoke using Fn CLI:

echo -n '{"name":"OCI"}' | fn invoke functions-lab-app hello-fn

Expected outcome: You see a JSON response similar to:

{"message":"Hello, OCI from Oracle Cloud Functions!"}

Verification (Logs): – In the OCI Console, check the function’s logs via the Logging integration (exact navigation can vary). If logs aren’t visible, confirm logging is enabled/configured for the service in your tenancy and that you have permission to view logs.

Validation

Use this checklist: – [ ] Application exists and is associated with the correct subnet(s) – [ ] Function appears in the application – [ ] Invocation returns the expected JSON message – [ ] Logs show execution entries (if logging is enabled and configured) – [ ] No unexpected networking errors (image pull, timeouts)

Troubleshooting

Common issues you can resolve quickly:

fn list apps shows nothing / fails – Verify: – correct region endpoint (api-url) – correct compartment OCID – IAM permissions to read/manage functions in that compartment
docker login fails – Re-check: – OCIR endpoint for your region – tenancy namespace – username format – auth token (not your console password)
fn deploy fails with authorization errors – Likely missing IAM policies for: – Functions management in the compartment – OCIR repository management/push – (sometimes) networking read permissions to validate subnet/app
Invoke fails with runtime errors – Check function logs. – Confirm handler signature matches the runtime template. – Ensure dependencies are correctly included by the build process.
Function can’t reach external endpoints – Check VCN routing: – public subnet with Internet Gateway, or – private subnet with NAT/Service Gateway pattern (recommended for production) – Confirm security lists/NSGs allow outbound traffic.

Cleanup

To avoid ongoing costs and clutter, remove resources when done.

Delete the function: – OCI Console: Functions → Application → Function → Delete
(or use Fn CLI if supported by your workflow)
Delete the application: – Functions → Applications → functions-lab-app → Delete
Delete container images from OCIR: – Container Registry → repositories → delete the repo/images used by the lab
(this helps control storage and retention)
Delete the VCN (if created only for this lab): – Networking → VCN → Delete
Ensure dependent resources (subnets, gateways) are deleted as required.
Remove local artifacts:

cd ../..
rm -rf oci-functions-lab

11. Best Practices

Architecture best practices

Design for stateless execution: store state externally (DB, Object Storage, cache).
Keep functions small and focused: one responsibility per function; compose workflows using events or orchestration tools.
Prefer event payload references: pass object names/IDs instead of large payloads.
Use API Gateway for public APIs: centralize auth, throttling, and routing instead of exposing direct invocation patterns to the internet.

IAM / security best practices

Least privilege: separate policies for deployers vs invokers.
Use compartments for environment separation: dev, test, prod compartments and policies.
Avoid embedding credentials: use OCI-native identity patterns and Vault for secrets.
Lock down network egress: only allow required destinations; use NSGs where appropriate.

Cost best practices

Right-size memory: allocate based on measured needs.
Optimize duration: reduce cold start overhead and avoid slow downstream calls.
Control logs: log key events; avoid large payload logging.
Use budgets and alerts: track spend early, especially for API use cases.

Performance best practices

Minimize container image size: fewer dependencies, smaller base images (where compatible).
Reuse connections where safe: initialize SDK clients outside hot paths where runtime behavior supports it.
Graceful timeouts and retries: set client timeouts and handle retries carefully.

Reliability best practices

Idempotency: handle retries safely (especially for event triggers).
Dead-letter or failure handling: implement patterns to capture failures (depends on triggering service).
Graceful error responses: distinguish between user errors and transient system errors.

Operations best practices

Structured logging: include request IDs, event IDs, and key metadata.
Metrics and alarms: alert on elevated error rates and latency.
Version and release discipline: tag images, implement CI/CD, and avoid “latest” in production.
Runbooks: document common issues (auth, networking, registry access).

Governance / tagging / naming best practices

Tags:
environment=dev|test|prod
owner=team-name
cost-center=...
data-classification=...
Names:
Use consistent prefixes (e.g., acme-prod-payments-fn-*).
Include environment and domain.

12. Security Considerations

Identity and access model

OCI IAM policies control:
who can create/update/delete applications and functions
who can invoke functions
who can access logs and metrics
Use compartment boundaries to reduce blast radius.

Encryption

OCI services generally encrypt data at rest by default in many contexts, but encryption behavior varies by service and configuration.
For secrets:
prefer OCI Vault rather than plaintext environment variables
rotate secrets and limit access by policy

Network exposure

Functions run in your VCN subnets:
ensure subnets and route tables match your connectivity requirements
avoid broad egress rules in production
For public APIs:
place API Gateway in front
enforce authentication and throttling at the gateway

Secrets handling

Common secure patterns: – Retrieve secrets at runtime from OCI Vault (policy-controlled). – Avoid storing secrets in source code, container layers, or unencrypted config. – Use separate secrets per environment.

Audit and logging

Use OCI Audit (tenancy-level service) to track control-plane operations (create/update/delete).
Use Logging for runtime logs; restrict access to logs due to possible sensitive data leakage.

Compliance considerations

Data residency: choose appropriate OCI regions.
PII/PCI: ensure logs do not contain sensitive payloads.
Implement least-privilege access and separation of duties.

Common security mistakes

Deploying functions in overly permissive subnets (open egress everywhere) without justification
Storing database passwords in environment variables in plaintext
Giving developers broad manage all-resources policies in production compartments
Exposing function invoke endpoints directly to the internet without API Gateway/auth controls
Logging sensitive request bodies

Secure deployment recommendations

Use private subnets and explicit egress patterns in production.
Use API Gateway for external exposure and consistent authentication.
Integrate with Vault for secrets.
Implement secure CI/CD: signed artifacts, image scanning (where available), and controlled promotions across environments.

13. Limitations and Gotchas

Functions is intentionally constrained to make serverless reliable and predictable. Plan for these common limitations and operational gotchas.

Known limitations (verify current limits)

Execution time limits (timeout)
Memory limits and associated CPU scaling
Payload size limits for invocation request/response
Container image size limits
Concurrency limits per tenancy/compartment/function (service limits)
Regional availability and per-region quotas

Always confirm current values in official documentation and in Limits, Quotas and Usage in your tenancy.

Operational gotchas

Networking surprises: the function runs in your subnet—if it can’t reach OCIR or required endpoints, deployments/invocations fail.
Cold starts: first invocation after idle can be slower (image pull/startup).
Logging costs: high-volume logs can become expensive; limit verbosity.
Retries and duplicates: event-driven systems can deliver duplicates; design idempotency.
Configuration drift: app-level vs function-level configuration can diverge across environments; manage via IaC where possible.

Migration challenges

Packaging differs from other clouds:
OCI Functions is container-based; porting from other FaaS may require build/deploy pipeline changes.
Authentication differs:
invocation and service-to-service auth patterns are OCI-specific.

Vendor-specific nuances

The “application” concept and VCN attachment are central to OCI Functions.
OCIR is typically part of the workflow; registry auth and permissions are frequent stumbling blocks.

14. Comparison with Alternatives

Functions is one option for running application code on OCI. You should compare it against other OCI services and other clouds depending on your workload profile.

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
Oracle Cloud Functions	Event-driven, short-lived compute, glue code, lightweight APIs	Serverless ops model, container packaging, VCN integration, strong OCI service integration	Limits on runtime/duration; cold starts; requires careful networking/OCIR setup	Bursty workloads, automation, event processing, APIs with variable demand
OCI API Gateway (with Functions)	Public HTTP APIs	Auth, routing, throttling, governance; integrates with Functions	Extra service and cost; requires gateway design	When you need public endpoints with managed API controls
OCI Container Instances	Longer-running containers without managing servers	Simple container run model, good for steady workloads	Not “serverless per-invocation”; you manage scaling patterns	When workloads are steady or exceed function limits
Oracle Kubernetes Engine (OKE)	Complex microservices platforms	Full Kubernetes ecosystem, high control	Operational overhead; cluster management	When you need platform-level control and continuous services
OCI Compute	Maximum flexibility	Full control of OS and networking	Highest ops overhead	When you need custom system control, long-running workloads
AWS Lambda	Serverless functions on AWS	Mature ecosystem, deep AWS integrations	Different packaging/auth model; multi-cloud complexity	If your architecture is AWS-centric
Azure Functions	Serverless on Azure	Strong Azure integrations	Different triggers/auth patterns	If your architecture is Azure-centric
Google Cloud Functions / Cloud Run	Serverless on GCP	Strong developer experience; Cloud Run for containers	Different platform tradeoffs	If your architecture is GCP-centric
Knative (self-managed)	Kubernetes-native serverless	Portability, control	Significant ops burden	If you need portability and have Kubernetes expertise

15. Real-World Example

Enterprise example: Compliance automation for Object Storage uploads

Problem: A regulated enterprise must validate every uploaded file for naming conventions, metadata tags, and storage tier rules. Non-compliant uploads must be quarantined and an audit record created.
Proposed architecture:
Object Storage emits events on object creation
OCI Events triggers a Function
Function validates metadata, applies tags, and writes an audit record to a database
Function stores validation results to a dedicated bucket
Logging and Monitoring capture execution and alert on failures
Why Functions was chosen:
event-driven scaling (uploads are bursty)
minimal infrastructure management
VCN integration to access private audit database
IAM policies enforce least privilege and separation of duties
Expected outcomes:
automated compliance checks with near-real-time response
reduced manual audit workload
consistent enforcement across teams

Startup/small-team example: Webhook ingestion with lightweight transformation

Problem: A small team needs to ingest payment provider webhooks, verify signatures, and forward normalized events to their internal services.
Proposed architecture:
API Gateway exposes /webhooks/payments
Gateway routes to a Function backend
Function verifies signature, normalizes payload, stores a copy in Object Storage, and posts an event to a queue/stream (architecture-specific)
Why Functions was chosen:
low ops burden for a small team
scales with bursty webhook traffic
easy deployments using container images
Expected outcomes:
reliable webhook processing with clear logs and alerts
minimal infrastructure to maintain
cost aligned with actual webhook volume

16. FAQ

1) Is “Functions” the same as “OCI Functions”?

Yes—Oracle documentation often calls the service OCI Functions, while the console and service name is commonly presented as Functions. Verify the latest naming in the official docs: https://docs.oracle.com/iaas/Content/Functions/home.htm

2) Do I need Docker to use Oracle Cloud Functions?

In most standard workflows, yes—functions are packaged as container images. Docker (or a compatible container build tool) is typically required for building and pushing images.

3) Do functions run inside my VCN?

Functions applications are associated with subnet(s) in your VCN. This is a key OCI design point: network placement is explicit.

4) Can a function access private databases?

Yes, if the function runs in a subnet that can route to the database and security rules allow it. This is a common reason teams choose OCI Functions.

5) How do I expose a function as a public HTTP endpoint?

A common pattern is to place OCI API Gateway in front of Functions. This centralizes auth, throttling, routing, and request policies.

6) How are functions authenticated when invoked?

Invocation authentication is OCI-specific and often involves signed requests or gateway-mediated auth. For developer workflows, the fn CLI can invoke functions using your OCI configuration. Verify the recommended invocation methods in official docs.

7) Can I run any language runtime?

Functions supports specific runtimes and patterns, and also supports custom container images within platform limits. Verify supported runtimes and base image recommendations in official docs.

8) Are functions stateful?

They should be treated as stateless. Persist state in external services (databases, Object Storage, caches). Any local filesystem usage should be considered ephemeral unless official docs state otherwise.

9) What are the typical limits (timeout/memory/payload)?

Functions has defined service limits that can change. Check: – OCI Console → Limits, Quotas and Usage – Functions documentation limits section: https://docs.oracle.com/iaas/Content/Functions/home.htm

10) How do I manage secrets?

Prefer OCI Vault and least-privilege access patterns rather than embedding secrets in code or environment variables.

11) How do I monitor function health?

Use OCI Logging for logs and OCI Monitoring for metrics/alarms. Set alerts on error rates and latency.

12) What causes cold starts and how do I reduce them?

Cold starts occur when the platform needs to start a function container after idle. Reduce impact by keeping images small, optimizing initialization, and avoiding unnecessary dependencies.

13) Can I deploy Functions with Terraform?

Terraform can manage many OCI resources. Whether the provider supports all Functions features depends on provider version. Verify current Terraform support in official Oracle Terraform provider docs and resource references.

14) How do I implement CI/CD for Functions?

A common approach: – build container image in CI – push to OCIR – update function to reference the new image – promote via environments/compartments Use tags/versions and avoid mutable tags in production.

15) What’s the difference between a Functions Application and a Function?

An Application is a grouping and configuration boundary (especially networking). A Function is the executable unit (image + runtime configuration) inside an application.

16) Can Functions call OCI APIs securely without storing keys?

OCI supports identity patterns that reduce or eliminate static keys depending on how your function is authenticated/authorized at runtime. The exact implementation is security-sensitive—verify the current best practice in official docs.

17) What’s the biggest operational risk with OCI Functions?

Networking and permissions. Most early failures come from: – subnet egress not allowing access to OCIR or required endpoints – insufficient IAM policies for deploy/invoke/log access

17. Top Online Resources to Learn Functions

Resource Type	Name	Why It Is Useful
Official documentation	OCI Functions Documentation	Primary source for concepts, limits, IAM policies, deployment workflows. https://docs.oracle.com/iaas/Content/Functions/home.htm
Official pricing	Oracle Cloud Pricing	Pricing entry point and links to detailed SKUs. https://www.oracle.com/cloud/pricing/
Official price list	Oracle Cloud Price List	Detailed service SKUs (region/contract dependent). https://www.oracle.com/cloud/price-list/
Official cost tool	Oracle Cloud Cost Estimator	Build estimates using your expected invocations and duration. https://www.oracle.com/cloud/costestimator.html
Official free tier	Oracle Cloud Free Tier	Verify what is free/Always Free (if applicable) for your region and service. https://www.oracle.com/cloud/free/
Official IAM docs	OCI Identity and Access Management	Required for least-privilege policies and secure deployments. https://docs.oracle.com/iaas/Content/Identity/home.htm
Architecture center	Oracle Architecture Center	Reference architectures and design guidance; search for serverless/event-driven patterns. https://docs.oracle.com/en/solutions/
Official networking docs	OCI Networking Documentation	Essential for VCN/subnet/gateway design for Functions. https://docs.oracle.com/iaas/Content/Network/Concepts/overview.htm
Upstream tooling	Fn Project	Background on Fn CLI and function build concepts used by OCI Functions workflows. https://fnproject.io/
Source/code hosting	Oracle on GitHub	Find Oracle samples and repositories; search for “OCI Functions” examples. https://github.com/oracle

18. Training and Certification Providers

Below are training providers (as requested). Verify current course catalogs and delivery modes on each website.

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	DevOps engineers, SREs, cloud engineers	DevOps practices, CI/CD, cloud operations; may include Oracle Cloud topics	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Beginners to intermediate DevOps learners	SCM, DevOps foundations, tooling, process	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud operations teams	Cloud ops practices, automation, monitoring	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, platform teams	Reliability engineering, monitoring, incident response	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops teams exploring AIOps	Observability, automation, AIOps concepts	Check website	https://www.aiopsschool.com/

19. Top Trainers

These sites are listed as trainer-related resources (as requested). Verify offerings and credentials directly on the sites.

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	DevOps/cloud training content	Students, engineers seeking practical guidance	https://rajeshkumar.xyz/
devopstrainer.in	DevOps training	Beginners to advanced practitioners	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance DevOps services/training content	Teams and individuals seeking hands-on help	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support/training	Ops teams needing guided support	https://www.devopssupport.in/

20. Top Consulting Companies

These consulting companies are included exactly as requested. Descriptions are neutral and generic; verify service details directly with the providers.

Company Name	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	DevOps and cloud consulting	Platform engineering, automation, CI/CD	Designing serverless + CI/CD workflows; operational readiness	https://cotocus.com/
DevOpsSchool.com	DevOps consulting and training	DevOps transformation, delivery pipelines	Building CI/CD for Functions images; IaC governance patterns	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting	Toolchain integration, cloud operations	Observability setup; deployment automation; security review	https://www.devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Functions

OCI fundamentals:
tenancies, compartments, IAM users/groups/policies
regions and availability
OCI networking basics:
VCN, subnets, route tables, gateways
security lists and NSGs
Containers:
Docker images, registries, basic troubleshooting
Basic observability:
logs, metrics, alarms
One programming language well (Python/Node/Java/Go)

What to learn after Functions

API design and management with OCI API Gateway
Event-driven architecture with OCI Events, Streaming, and Service Connector patterns
Secrets and key management with OCI Vault
CI/CD pipelines for container images (build, scan, push, promote)
Infrastructure as Code (Terraform) for repeatable environments
Reliability engineering: SLOs, error budgets, incident response

Job roles that use it

Cloud engineer / cloud developer
DevOps engineer / platform engineer
Site Reliability Engineer (SRE)
Solutions architect
Integration engineer
Security engineer (automation focus)

Certification path (if available)

Oracle certification programs change over time. Check Oracle University and official OCI certification pages for current tracks related to OCI development and architecture: – Oracle University: https://education.oracle.com/

Project ideas for practice

Object Storage upload → function validates and tags objects
API Gateway + Functions “notes” API with a managed database backend
Streaming event enrichment pipeline (simple lookup + forward)
Cost-control utility: function that audits resource tags and reports non-compliant resources
CI/CD pipeline that builds and deploys versioned function images to dev/test/prod compartments

22. Glossary

OCI (Oracle Cloud Infrastructure): Oracle Cloud’s infrastructure platform that includes networking, compute, storage, and developer services like Functions.
Functions: Oracle Cloud managed Function-as-a-Service (FaaS) for running container-packaged functions on demand.
FaaS: Function as a Service; run code on-demand without managing servers.
Tenancy: Your top-level OCI account boundary.
Compartment: A logical grouping of OCI resources used for access control and billing organization.
OCID: Oracle Cloud Identifier; a unique ID for an OCI resource.
VCN: Virtual Cloud Network; a private network in OCI.
Subnet: A range of IP addresses within a VCN where resources are placed.
Security List / NSG: Network access control mechanisms for subnets and VNICs.
OCIR: OCI Container Registry; stores container images used by Functions and other services.
Fn CLI (fn): Command-line tool commonly used to build, deploy, and invoke functions in OCI Functions workflows.
Invocation: A single execution request for a function.
Cold start: Latency incurred when a function container must start after being idle.
API Gateway: Managed gateway for publishing and managing HTTP APIs (often used in front of Functions).
OCI Logging: Service for collecting and querying logs.
OCI Monitoring: Service for metrics, alarms, and operational visibility.
Vault: Service for storing and managing secrets and encryption keys.

23. Summary

Oracle Cloud Functions is OCI’s serverless compute service in the Application Development category, designed for running small, stateless, container-packaged code on demand. It fits best for event-driven processing, automation, and lightweight APIs—especially when you want tight integration with OCI services and VCN networking.

Key cost points: costs are driven mainly by invocations and execution duration/memory, with additional costs commonly coming from API Gateway, Logging, OCIR storage, and network egress. Key security points: use least-privilege IAM, run in appropriately designed VCN subnets, and handle secrets through Vault rather than plaintext configuration.

Use Functions when workloads are bursty, event-driven, and short-lived; consider Container Instances, OKE, or Compute when workloads are steady, long-running, or require deeper system control.

Next step: expand this lab by fronting your function with OCI API Gateway and adding secure secret retrieval via OCI Vault, then automate deployments with a CI/CD pipeline and infrastructure as code.

rajeshkumar

Category