{"id":748,"date":"2026-04-15T10:28:19","date_gmt":"2026-04-15T10:28:19","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-application-container-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services\/"},"modified":"2026-04-15T10:28:19","modified_gmt":"2026-04-15T10:28:19","slug":"oracle-cloud-application-container-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-application-container-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services\/","title":{"rendered":"Oracle Cloud Application Container Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Other Services"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Other Services<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Important status note (read first):<\/strong> In Oracle\u2019s product history, the name Application Container<\/strong> most commonly refers to Oracle Application Container Cloud Service<\/strong>\u2014a managed PaaS offering from Oracle Cloud (Classic)<\/strong> used to run containerized applications. Oracle Cloud has since shifted its strategic container runtime offerings to Oracle Cloud Infrastructure (OCI)<\/strong> services such as OCI Container Instances<\/strong>, OCI Container Engine for Kubernetes (OKE)<\/strong>, and OCI Functions<\/strong>. Availability, onboarding, and pricing for the legacy service can vary by account and may no longer be offered for new customers. Verify current availability in official Oracle documentation and your Oracle Cloud account.<\/strong><\/p>\n\n\n\n

What this service is<\/h3>\n\n\n\n

Application Container<\/strong> is (historically) Oracle Cloud\u2019s managed application runtime for deploying and running container-packaged applications without provisioning and managing servers directly.<\/p>\n\n\n\n

Simple explanation (one paragraph)<\/h3>\n\n\n\n

You package your application as a container image (or deploy it using supported runtime packaging), upload it to Oracle Cloud, and Oracle runs it for you\u2014handling the underlying compute, basic scaling patterns, and runtime operations so you can focus on code and releases.<\/p>\n\n\n\n

Technical explanation (one paragraph)<\/h3>\n\n\n\n

Application Container (as Oracle Application Container Cloud Service in Oracle Cloud Classic) provided a managed container execution environment with deployment descriptors (for configuration), integration points to other Oracle Cloud services, and operational controls such as instance sizing, scaling settings, and logging\/monitoring hooks. In modern OCI, similar outcomes are achieved using OCI Container Instances<\/strong> (serverless-style container runtime), OKE<\/strong> (managed Kubernetes), and supporting services like OCI Registry (OCIR)<\/strong>, IAM<\/strong>, VCN<\/strong>, Logging<\/strong>, and Monitoring<\/strong>.<\/p>\n\n\n\n

What problem it solves<\/h3>\n\n\n\n

Teams want to run containerized web APIs, background workers, and microservices without<\/strong>:\n– managing VMs, OS patching, and host-level Docker operations\n– maintaining a full Kubernetes control plane for small-to-medium workloads\n– building a bespoke deployment platform<\/p>\n\n\n\n

Application Container aimed to provide a \u201cdeploy containers, get an endpoint, operate safely\u201d experience in Oracle Cloud.<\/p>\n\n\n\n

\n\n\n\n

2. What is Application Container?<\/h2>\n\n\n\n

Official purpose<\/h3>\n\n\n\n

Historically, Application Container<\/strong> (Oracle Application Container Cloud Service) was designed to deploy and run applications packaged in containers<\/strong> in Oracle Cloud, supporting typical web\/service workloads with managed infrastructure.<\/p>\n\n\n\n

Because Oracle has evolved its cloud platform, the official purpose you should validate today<\/strong> is:\n– Whether Oracle Application Container Cloud Service<\/strong> is still available to your tenancy (legacy\/Classic), and\n– Which OCI-native services<\/strong> Oracle recommends for new deployments (typically OCI Container Instances<\/strong>, OKE<\/strong>, or Functions<\/strong>).<\/p>\n\n\n\n

Verify in official docs:<\/strong>\n– Oracle Cloud Infrastructure documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/\n– Oracle Cloud pricing entry points: https:\/\/www.oracle.com\/cloud\/pricing\/ and https:\/\/www.oracle.com\/cloud\/costestimator.html<\/p>\n\n\n\n

Core capabilities (conceptually)<\/h3>\n\n\n\n

Depending on the generation of the service (Classic vs OCI-native alternatives), \u201cApplication Container\u201d style capabilities typically include:\n– Running container images as managed workloads\n– Configuring environment variables and application settings\n– Exposing HTTP(S) endpoints\n– Integrating with identity, networking, logs, and metrics\n– Supporting CI\/CD-driven deployments<\/p>\n\n\n\n

Major components (how to think about it)<\/h3>\n\n\n\n

Even if the legacy service is not available, the functional components<\/strong> you\u2019ll use in Oracle Cloud to implement \u201cApplication Container\u201d outcomes are:<\/p>\n\n\n\n

\n\n\n\n\n\n\n\n\n\n\n
Component<\/th>\nWhat it does in Oracle Cloud<\/th>\nTypical OCI service(s)<\/th>\n<\/tr>\n<\/thead>\n
Container image repository<\/td>\nStores versioned container images<\/td>\nOCI Registry (OCIR)<\/strong><\/td>\n<\/tr>\n
Runtime to execute containers<\/td>\nRuns containers without managing servers<\/td>\nOCI Container Instances<\/strong> (or OKE<\/strong>)<\/td>\n<\/tr>\n
Networking<\/td>\nPrivate networks, ingress, routing, security rules<\/td>\nVCN<\/strong>, subnets, security lists\/NSGs, Load Balancer<\/strong><\/td>\n<\/tr>\n
Identity and permissions<\/td>\nWho can push\/pull images and deploy runtimes<\/td>\nOCI IAM<\/strong> (policies, dynamic groups, auth tokens)<\/td>\n<\/tr>\n
Secrets<\/td>\nStore credentials securely<\/td>\nOCI Vault<\/strong><\/td>\n<\/tr>\n
Logs and metrics<\/td>\nCentralize and search logs; view metrics\/alarms<\/td>\nOCI Logging<\/strong>, OCI Monitoring<\/strong>, Alarms<\/strong>, Events<\/strong><\/td>\n<\/tr>\n
Build\/Deploy automation<\/td>\nCI\/CD pipelines and artifacts<\/td>\nOCI DevOps (verify), or external tools (GitHub Actions\/Jenkins)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n

Service type<\/h3>\n\n\n\n
    \n
  • Legacy Application Container (Classic): PaaS<\/strong> (platform-managed runtime)<\/li>\n
  • OCI-native replacement pattern: Managed container runtime<\/strong> (Container Instances) or Managed Kubernetes<\/strong> (OKE)<\/li>\n<\/ul>\n\n\n\n

    Regional\/global\/zonal scope<\/h3>\n\n\n\n
      \n
    • OCI services used for the \u201cApplication Container\u201d pattern are generally regional<\/strong> resources (for example, VCN is regional; subnets may be regional in OCI; verify specifics per service).<\/li>\n
    • Identity (IAM) is tenancy-wide<\/strong>, with policies scoped via compartments<\/strong>.<\/li>\n<\/ul>\n\n\n\n

      How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n

      Think of Application Container as a runtime layer<\/strong>:\n– Above: your app code, CI\/CD, and deployment process\n– Beside: databases (Autonomous Database, MySQL), messaging\/streaming, API Gateway, Load Balancer\n– Below: VCN networking, IAM, logging\/monitoring, registry<\/p>\n\n\n\n

      In OCI, a common modern mapping is:\n– OCIR<\/strong> (images) \u2192 Container Instances<\/strong> (runtime) \u2192 Load Balancer<\/strong> (ingress) \u2192 DB<\/strong>\/Object Storage<\/strong>\/Streaming<\/strong> (dependencies), all governed by IAM<\/strong> and observed with Logging\/Monitoring<\/strong>.<\/p>\n\n\n\n

      \n\n\n\n

      3. Why use Application Container?<\/h2>\n\n\n\n

      Business reasons<\/h3>\n\n\n\n
        \n
      • Faster time-to-market:<\/strong> deploy containerized apps without waiting for platform teams to provision and harden VM stacks.<\/li>\n
      • Standardization:<\/strong> consistent deployment unit (container image) across dev\/test\/prod.<\/li>\n
      • Reduced operational overhead:<\/strong> fewer moving parts than self-managed container hosts or bespoke platforms.<\/li>\n<\/ul>\n\n\n\n

        Technical reasons<\/h3>\n\n\n\n
          \n
        • Immutable deployments:<\/strong> image-based releases improve repeatability and rollback strategies.<\/li>\n
        • Portability:<\/strong> containers can move between environments (local Docker, CI, OCI runtime).<\/li>\n
        • Dependency encapsulation:<\/strong> packages libraries and runtime dependencies consistently.<\/li>\n<\/ul>\n\n\n\n

          Operational reasons<\/h3>\n\n\n\n
            \n
          • Simplified patching model:<\/strong> fewer host OS concerns (especially with managed runtimes).<\/li>\n
          • Observability alignment:<\/strong> central logs\/metrics and alarms are easier to standardize.<\/li>\n
          • Scalable patterns:<\/strong> scale out horizontally with multiple instances behind a load balancer (exact mechanics depend on the runtime service\u2014verify).<\/li>\n<\/ul>\n\n\n\n

            Security\/compliance reasons<\/h3>\n\n\n\n
              \n
            • Identity-driven access:<\/strong> IAM policies can restrict who can deploy, pull images, or view logs.<\/li>\n
            • Network segmentation:<\/strong> run workloads in private subnets, use controlled ingress, and reduce public exposure.<\/li>\n
            • Auditability:<\/strong> OCI Audit can record control plane actions (verify coverage for each service).<\/li>\n<\/ul>\n\n\n\n

              Scalability\/performance reasons<\/h3>\n\n\n\n
                \n
              • Right-size quickly:<\/strong> choose CPU\/memory profiles appropriate for your service.<\/li>\n
              • Elasticity patterns:<\/strong> add replicas\/instances and distribute traffic.<\/li>\n<\/ul>\n\n\n\n

                When teams should choose it<\/h3>\n\n\n\n

                Choose an \u201cApplication Container\u201d approach in Oracle Cloud when you need:\n– A managed runtime for HTTP APIs, microservices, internal tools, and background workers\n– A container-based delivery model with minimal platform overhead\n– Clear separation of duties: developers ship images; ops govern IAM\/networking\/observability<\/p>\n\n\n\n

                When teams should not choose it<\/h3>\n\n\n\n

                Avoid this approach (or choose a different OCI service) when:\n– You need full Kubernetes control<\/strong> (custom controllers, service mesh, complex scheduling) \u2192 consider OKE<\/strong>\n– You need event-driven\/serverless functions<\/strong> with per-request billing \u2192 consider OCI Functions<\/strong>\n– You require very specialized networking\/kernel capabilities<\/strong> or privileged containers \u2192 consider Compute<\/strong> or Kubernetes with careful governance\n– You are depending on Oracle Cloud Classic<\/strong> legacy services\u2014prefer OCI-native services for new builds (verify availability and support timelines)<\/p>\n\n\n\n

                \n\n\n\n

                4. Where is Application Container used?<\/h2>\n\n\n\n

                Industries<\/h3>\n\n\n\n
                  \n
                • SaaS and software companies shipping microservices<\/li>\n
                • Finance and insurance for internal APIs and integration services<\/li>\n
                • Retail and e-commerce for web backends and campaign services<\/li>\n
                • Telecommunications for service mediation and API layers<\/li>\n
                • Healthcare for integration workloads (with strict security controls)<\/li>\n<\/ul>\n\n\n\n

                  Team types<\/h3>\n\n\n\n
                    \n
                  • Platform engineering teams offering a container runtime to application squads<\/li>\n
                  • DevOps\/SRE teams standardizing CI\/CD and runtime operations<\/li>\n
                  • Development teams who want containers but not Kubernetes complexity<\/li>\n
                  • Security teams enforcing least privilege, private networking, and audit logging<\/li>\n<\/ul>\n\n\n\n

                    Workloads<\/h3>\n\n\n\n
                      \n
                    • REST\/gRPC APIs<\/li>\n
                    • Web applications (frontend + backend)<\/li>\n
                    • Background workers (queues, schedulers)<\/li>\n
                    • ETL\/data ingestion microservices<\/li>\n
                    • Integration adapters (calling ERP\/CRM systems)<\/li>\n<\/ul>\n\n\n\n

                      Architectures<\/h3>\n\n\n\n
                        \n
                      • Microservices behind a load balancer<\/li>\n
                      • Three-tier app: web \u2192 API \u2192 database<\/li>\n
                      • Event-driven pipelines (with streaming\/queues)<\/li>\n
                      • Hybrid integration: on-prem systems connecting to OCI apps<\/li>\n<\/ul>\n\n\n\n

                        Real-world deployment contexts<\/h3>\n\n\n\n
                          \n
                        • Production services with rolling releases, load balancing, and alarms<\/li>\n
                        • Dev\/test sandboxes for feature branches<\/li>\n
                        • Multi-environment setups (dev\/stage\/prod) using compartments and tagging<\/li>\n<\/ul>\n\n\n\n

                          Production vs dev\/test usage<\/h3>\n\n\n\n
                            \n
                          • Dev\/test:<\/strong> smaller CPU\/memory, relaxed scaling, shorter retention for logs, frequent redeploys<\/li>\n
                          • Production:<\/strong> private subnets, WAF\/load balancer, strict IAM, alarms, on-call runbooks, and controlled outbound access<\/li>\n<\/ul>\n\n\n\n
                            \n\n\n\n

                            5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                            Below are realistic \u201cApplication Container\u201d style scenarios in Oracle Cloud. Where the legacy service is unavailable, implement them with OCI Container Instances<\/strong> or OKE<\/strong>.<\/p>\n\n\n\n

                            1) Containerized REST API for a mobile app<\/h3>\n\n\n\n
                              \n
                            • Problem:<\/strong> You need a stable API backend with repeatable deployments.<\/li>\n
                            • Why this service fits:<\/strong> Container image release process is consistent; managed runtime reduces ops burden.<\/li>\n
                            • Scenario:<\/strong> A Node\/Java\/Python API is deployed as an image, fronted by an OCI Load Balancer and connected to Autonomous Database.<\/li>\n<\/ul>\n\n\n\n

                              2) Internal admin portal<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> Internal tools need secure access and rapid iteration.<\/li>\n
                              • Why it fits:<\/strong> Easy deployments; tight IAM and network controls.<\/li>\n
                              • Scenario:<\/strong> Admin UI runs in a private subnet; access is via VPN\/FastConnect and internal DNS.<\/li>\n<\/ul>\n\n\n\n

                                3) Background worker processing queue messages<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> Offload async tasks from the web tier.<\/li>\n
                                • Why it fits:<\/strong> Long-running container processes; scale workers by replicas.<\/li>\n
                                • Scenario:<\/strong> Workers pull jobs from a queue\/streaming service and write results to Object Storage.<\/li>\n<\/ul>\n\n\n\n

                                  4) Webhook receiver for third-party integrations<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> You must receive inbound webhooks reliably and securely.<\/li>\n
                                  • Why it fits:<\/strong> Expose a single endpoint; validate signatures; forward events internally.<\/li>\n
                                  • Scenario:<\/strong> A small API service receives Stripe\/Git provider webhooks and publishes to a streaming topic.<\/li>\n<\/ul>\n\n\n\n

                                    5) Multi-tenant SaaS microservice<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Tenant isolation and repeatable scaling are required.<\/li>\n
                                    • Why it fits:<\/strong> Containers support consistent deployment; compartments\/tags support governance.<\/li>\n
                                    • Scenario:<\/strong> Each environment runs multiple services; service-level alarms and dashboards track SLIs.<\/li>\n<\/ul>\n\n\n\n

                                      6) Blue\/green or canary releases for a service<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> Reduce risk during releases.<\/li>\n
                                      • Why it fits:<\/strong> Run two versions of the container and shift traffic gradually (often via Load Balancer).<\/li>\n
                                      • Scenario:<\/strong> Deploy v2 alongside v1 and adjust LB routing (method depends on LB features\u2014verify).<\/li>\n<\/ul>\n\n\n\n

                                        7) Batch ingestion microservice<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> Periodically ingest data from external sources.<\/li>\n
                                        • Why it fits:<\/strong> Containerized job can run on schedule via external scheduler or OCI Events\/Functions (verify).<\/li>\n
                                        • Scenario:<\/strong> A container pulls CSV files from SFTP, transforms them, stores results in Object Storage.<\/li>\n<\/ul>\n\n\n\n

                                          8) API facade in front of legacy systems<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> You need a modern API while backends are legacy.<\/li>\n
                                          • Why it fits:<\/strong> Lightweight stateless API container; network connectivity to on-prem via FastConnect\/VPN.<\/li>\n
                                          • Scenario:<\/strong> API validates JWT, maps requests to SOAP\/DB calls, returns normalized JSON.<\/li>\n<\/ul>\n\n\n\n

                                            9) ML model inference microservice (lightweight)<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> Serve a small model with predictable latency.<\/li>\n
                                            • Why it fits:<\/strong> Container packaging of runtime dependencies; can scale out.<\/li>\n
                                            • Scenario:<\/strong> A FastAPI inference service runs in a container; autoscaling handled by platform patterns (verify).<\/li>\n<\/ul>\n\n\n\n

                                              10) Security scanner \/ policy agent sidecar pattern (platform-dependent)<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Enforce policies at runtime.<\/li>\n
                                              • Why it fits:<\/strong> Container platform can host policy agents; logs centralized.<\/li>\n
                                              • Scenario:<\/strong> A policy service validates requests and emits audit logs (implementation depends on chosen runtime\u2014verify).<\/li>\n<\/ul>\n\n\n\n
                                                \n\n\n\n

                                                6. Core Features<\/h2>\n\n\n\n

                                                Because Application Container<\/strong> is widely associated with a legacy Oracle Cloud Classic<\/strong> service, the safest way to describe features is:<\/p>\n\n\n\n

                                                  \n
                                                • Legacy features<\/strong> (what the Classic service typically provided)<\/li>\n
                                                • OCI-native equivalents<\/strong> (how to achieve it today)<\/li>\n<\/ul>\n\n\n\n

                                                  If your account still uses the legacy service, verify exact capabilities in the Classic documentation available to you<\/strong>.<\/p>\n\n\n\n

                                                  Feature 1: Containerized deployment unit<\/h3>\n\n\n\n
                                                    \n
                                                  • What it does:<\/strong> Uses a container image (or container-like packaging) as the deployable artifact.<\/li>\n
                                                  • Why it matters:<\/strong> Strong release consistency across environments.<\/li>\n
                                                  • Practical benefit:<\/strong> \u201cWorks on my machine\u201d issues are reduced.<\/li>\n
                                                  • Limitations\/caveats:<\/strong> You must maintain image security (base image updates, CVE scanning).<\/li>\n<\/ul>\n\n\n\n

                                                    Feature 2: Managed runtime (no server management)<\/h3>\n\n\n\n
                                                      \n
                                                    • What it does:<\/strong> Runs containers without you managing host OS and Docker daemon operations.<\/li>\n
                                                    • Why it matters:<\/strong> Reduces ops overhead and hardening tasks.<\/li>\n
                                                    • Practical benefit:<\/strong> Faster deployments and fewer infrastructure tickets.<\/li>\n
                                                    • Limitations\/caveats:<\/strong> Less low-level control; some workloads requiring privileged access may not work.<\/li>\n<\/ul>\n\n\n\n

                                                      Feature 3: Configuration injection (env vars \/ deployment descriptors)<\/h3>\n\n\n\n
                                                        \n
                                                      • What it does:<\/strong> Allows configuration outside the image (environment variables, settings).<\/li>\n
                                                      • Why it matters:<\/strong> Promotes 12-factor app practices.<\/li>\n
                                                      • Practical benefit:<\/strong> Same image can be reused across dev\/stage\/prod.<\/li>\n
                                                      • Limitations\/caveats:<\/strong> Don\u2019t store secrets in plaintext env vars; use Vault\/secrets patterns.<\/li>\n<\/ul>\n\n\n\n

                                                        Feature 4: Service exposure (HTTP endpoint)<\/h3>\n\n\n\n
                                                          \n
                                                        • What it does:<\/strong> Exposes an application endpoint, often via a load balancer or platform routing.<\/li>\n
                                                        • Why it matters:<\/strong> Standard way to publish APIs.<\/li>\n
                                                        • Practical benefit:<\/strong> Predictable DNS and TLS termination patterns.<\/li>\n
                                                        • Limitations\/caveats:<\/strong> Network design matters; avoid direct public exposure when not required.<\/li>\n<\/ul>\n\n\n\n

                                                          Feature 5: Horizontal scaling patterns<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does:<\/strong> Supports running multiple instances\/replicas.<\/li>\n
                                                          • Why it matters:<\/strong> Enables higher availability and throughput.<\/li>\n
                                                          • Practical benefit:<\/strong> Scale-out handles spikes better than vertical-only scaling.<\/li>\n
                                                          • Limitations\/caveats:<\/strong> Your app must be stateless (or externalize state to DB\/cache).<\/li>\n<\/ul>\n\n\n\n

                                                            Feature 6: Rolling deployments \/ versioning (pattern)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does:<\/strong> Enables replacing instances gradually (or running parallel versions).<\/li>\n
                                                            • Why it matters:<\/strong> Reduces downtime and release risk.<\/li>\n
                                                            • Practical benefit:<\/strong> Safer deploys with rollback options.<\/li>\n
                                                            • Limitations\/caveats:<\/strong> Exact deployment controls differ by runtime; verify.<\/li>\n<\/ul>\n\n\n\n

                                                              Feature 7: Logging integration<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> Emits container logs to a centralized service.<\/li>\n
                                                              • Why it matters:<\/strong> Operational debugging and auditability.<\/li>\n
                                                              • Practical benefit:<\/strong> Faster incident resolution.<\/li>\n
                                                              • Limitations\/caveats:<\/strong> Log volume can become a cost driver; set retention.<\/li>\n<\/ul>\n\n\n\n

                                                                Feature 8: Metrics and alarms integration<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does:<\/strong> Publishes runtime metrics (CPU\/memory, request rates if instrumented).<\/li>\n
                                                                • Why it matters:<\/strong> Alerts before outages.<\/li>\n
                                                                • Practical benefit:<\/strong> SRE-grade visibility when combined with SLIs\/SLOs.<\/li>\n
                                                                • Limitations\/caveats:<\/strong> App-level metrics require instrumentation (Prometheus\/OpenTelemetry patterns\u2014verify supported integrations).<\/li>\n<\/ul>\n\n\n\n

                                                                  Feature 9: IAM-controlled access to images and deployment<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does:<\/strong> Restricts who can push images, deploy runtimes, and view logs.<\/li>\n
                                                                  • Why it matters:<\/strong> Prevents unauthorized releases and supply-chain issues.<\/li>\n
                                                                  • Practical benefit:<\/strong> Enforce least privilege and separation of duties.<\/li>\n
                                                                  • Limitations\/caveats:<\/strong> Misconfigured policies are a common failure mode.<\/li>\n<\/ul>\n\n\n\n

                                                                    Feature 10: Network isolation and private connectivity (with OCI patterns)<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does:<\/strong> Runs workloads inside a VCN with private subnets and controlled ingress\/egress.<\/li>\n
                                                                    • Why it matters:<\/strong> Supports compliance and reduces attack surface.<\/li>\n
                                                                    • Practical benefit:<\/strong> Private services can still be reachable via API Gateway\/LB.<\/li>\n
                                                                    • Limitations\/caveats:<\/strong> Requires careful subnet, route table, and security list\/NSG configuration.<\/li>\n<\/ul>\n\n\n\n
                                                                      \n\n\n\n

                                                                      7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                      High-level architecture<\/h3>\n\n\n\n

                                                                      An \u201cApplication Container\u201d architecture in Oracle Cloud typically looks like:<\/p>\n\n\n\n

                                                                        \n
                                                                      1. Developers build a container image.<\/li>\n
                                                                      2. The image is pushed to OCI Registry (OCIR)<\/strong>.<\/li>\n
                                                                      3. A managed runtime (legacy Application Container service or modern OCI Container Instances\/OKE) pulls the image.<\/li>\n
                                                                      4. Networking controls expose the app:\n – private-only service, or\n – public endpoint via OCI Load Balancer<\/strong> (optionally with WAF\/API Gateway\u2014verify).<\/li>\n
                                                                      5. Observability services collect logs\/metrics; IAM and Audit govern changes.<\/li>\n<\/ol>\n\n\n\n

                                                                        Request \/ data \/ control flow<\/h3>\n\n\n\n
                                                                          \n
                                                                        • Control plane flow:<\/strong> Console\/CLI\/API \u2192 IAM auth \u2192 runtime service creates\/updates deployments \u2192 pulls image from registry.<\/li>\n
                                                                        • Data plane flow:<\/strong> Client \u2192 DNS \u2192 Load Balancer \u2192 container runtime \u2192 downstream dependencies (DB\/Object Storage\/Streaming).<\/li>\n
                                                                        • Telemetry flow:<\/strong> Container stdout\/stderr \u2192 Logging; system\/app metrics \u2192 Monitoring \u2192 Alarms\/Notifications.<\/li>\n<\/ul>\n\n\n\n

                                                                          Integrations with related services (common)<\/h3>\n\n\n\n
                                                                            \n
                                                                          • OCI Registry (OCIR):<\/strong> container images<\/li>\n
                                                                          • VCN:<\/strong> network segmentation<\/li>\n
                                                                          • Load Balancer:<\/strong> stable ingress, TLS termination<\/li>\n
                                                                          • API Gateway (optional):<\/strong> API management, auth offload (verify)<\/li>\n
                                                                          • Vault:<\/strong> secrets management<\/li>\n
                                                                          • Logging \/ Monitoring \/ Alarms:<\/strong> ops<\/li>\n
                                                                          • Notifications:<\/strong> send alarm notifications<\/li>\n
                                                                          • Audit:<\/strong> track administrative actions<\/li>\n
                                                                          • Autonomous Database \/ MySQL \/ Object Storage:<\/strong> data dependencies<\/li>\n<\/ul>\n\n\n\n

                                                                            Dependency services<\/h3>\n\n\n\n

                                                                            At minimum for OCI-native runtime patterns:\n– OCI IAM\n– VCN + subnet + security rules\n– OCIR (or a public registry)\n– Logging\/Monitoring (recommended)<\/p>\n\n\n\n

                                                                            Security\/authentication model<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Users and groups<\/strong> are managed in OCI IAM.<\/li>\n
                                                                            • Access is controlled via policies<\/strong> scoped to compartments.<\/li>\n
                                                                            • Pushing images to OCIR commonly uses auth tokens<\/strong> (for Docker login) tied to a user, or automation-friendly credentials (verify best practice for your org).<\/li>\n
                                                                            • Runtime pulling from OCIR must have permission; depending on the runtime, this can be via service principals\/dynamic groups or configuration (verify).<\/li>\n<\/ul>\n\n\n\n

                                                                              Networking model<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Runtime resources attach to a subnet in a VCN.<\/li>\n
                                                                              • Ingress is allowed via security list\/NSG rules (ports like 80\/443\/8080).<\/li>\n
                                                                              • For production:<\/li>\n
                                                                              • prefer private subnets<\/strong> for workloads<\/li>\n
                                                                              • terminate TLS at a Load Balancer<\/li>\n
                                                                              • use controlled egress (NAT Gateway) for outbound internet access if required<\/li>\n<\/ul>\n\n\n\n

                                                                                Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Use compartments for environment separation (dev\/stage\/prod).<\/li>\n
                                                                                • Apply tags (cost center, app name, owner, environment).<\/li>\n
                                                                                • Enable Logging for container logs (verify per service).<\/li>\n
                                                                                • Create alarms for:<\/li>\n
                                                                                • runtime health\/availability<\/li>\n
                                                                                • high CPU\/memory<\/li>\n
                                                                                • high 5xx from LB<\/li>\n
                                                                                • Track deployments via Audit and CI\/CD.<\/li>\n<\/ul>\n\n\n\n

                                                                                  Simple architecture diagram (conceptual)<\/h3>\n\n\n\n
                                                                                  flowchart LR\n  Dev[Developer Laptop \/ CI] -->|docker build| Img[Container Image]\n  Img -->|push| OCIR[(OCI Registry - OCIR)]\n  OCIR -->|pull| Runtime[Application Container Runtime]\n  User[Client] -->|HTTPS| LB[Load Balancer]\n  LB --> Runtime\n  Runtime --> DB[(Database)]\n  Runtime --> Logs[Logging\/Monitoring]\n<\/code><\/pre>\n\n\n\n
                                                                                  Production-style architecture diagram (OCI-native implementation)<\/h3>\n\n\n\n
                                                                                  flowchart TB\n  subgraph \"OCI Tenancy\"\n    subgraph \"Compartment: prod\"\n      OCIR[(OCIR Repo)]\n      Vault[(OCI Vault)]\n      Log[(OCI Logging)]\n      Mon[(OCI Monitoring\/Alarms)]\n      Audit[(OCI Audit)]\n\n      subgraph \"VCN\"\n        subgraph \"Public Subnet\"\n          LB[OCI Load Balancer\\nTLS Termination]\n          WAF[WAF \/ API Gateway (optional)\\nVerify in docs]\n        end\n        subgraph \"Private Subnet\"\n          RT[Container Runtime\\n(OCI Container Instances or OKE)]\n          NAT[NAT Gateway (optional)]\n        end\n        DB[(Autonomous DB \/ DB System)]\n      end\n    end\n  end\n\n  Internet[Internet Clients] --> WAF --> LB --> RT\n  RT --> DB\n  RT --> Vault\n  RT --> Log\n  RT --> Mon\n  Console[OCI Console\/CI-CD] -->|Deploy\/Update| RT\n  Console --> OCIR\n  Audit <-- Console\n<\/code><\/pre>\n\n\n\n
                                                                                  \n\n\n\n
                                                                                  8. Prerequisites<\/h2>\n\n\n\n
                                                                                  Because of the legacy vs OCI-native split, prerequisites are listed in two parts.<\/p>\n\n\n\n
                                                                                  A) If you are using legacy Oracle Cloud Classic \u201cApplication Container\u201d<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • An Oracle Cloud Classic account\/identity domain with the service enabled<\/li>\n
                                                                                  • Permissions to deploy applications and view logs<\/li>\n
                                                                                  • Access to the Classic console and documentation available to your account<\/li>\n
                                                                                  • Verify in official docs<\/strong> for Classic service onboarding (availability varies)<\/li>\n<\/ul>\n\n\n\n
                                                                                    B) For the executable lab in this tutorial (OCI-native \u201cApplication Container\u201d pattern)<\/h3>\n\n\n\n
                                                                                    You\u2019ll implement \u201cApplication Container\u201d outcomes using OCI Container Instances<\/strong> + OCIR<\/strong>.<\/p>\n\n\n\n
                                                                                    Account\/tenancy requirements<\/h4>\n\n\n\n
                                                                                      \n
                                                                                    • An Oracle Cloud (OCI)<\/strong> tenancy with access to:<\/li>\n
                                                                                    • OCI Registry (OCIR)<\/li>\n
                                                                                    • Container runtime service (commonly OCI Container Instances<\/strong>; verify region availability)<\/li>\n
                                                                                    • Networking (VCN)<\/li>\n
                                                                                    • Logging\/Monitoring<\/li>\n<\/ul>\n\n\n\n
                                                                                      Permissions \/ IAM<\/h4>\n\n\n\n
                                                                                      You need permissions to:\n– create and manage repositories in OCIR\n– create and manage networking (VCN\/subnets\/security rules)\n– create and manage container instances (or equivalent runtime resources)\n– view logs<\/p>\n\n\n\n
                                                                                      If you are not an admin, ask for a compartment-level policy set that allows those actions. Exact policy statements depend on your org model and the chosen runtime\u2014verify with OCI IAM docs.<\/strong><\/p>\n\n\n\n
                                                                                      OCI IAM docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/p>\n\n\n\n
                                                                                      Billing requirements<\/h4>\n\n\n\n
                                                                                        \n
                                                                                      • A paid tenancy or trial with billing enabled may be required.<\/li>\n
                                                                                      • OCI has an Always Free<\/strong> program, but not every service is Always Free in every region. Verify current eligibility<\/strong>:<\/li>\n
                                                                                      • https:\/\/www.oracle.com\/cloud\/free\/<\/li>\n<\/ul>\n\n\n\n
                                                                                        CLI\/SDK\/tools<\/h4>\n\n\n\n
                                                                                          \n
                                                                                        • Docker (or compatible container engine) locally<\/li>\n
                                                                                        • Optional: OCI CLI (useful for automation, not required for the lab)<\/li>\n
                                                                                        • OCI CLI docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n
                                                                                        • A code editor<\/li>\n<\/ul>\n\n\n\n
                                                                                          Region availability<\/h4>\n\n\n\n
                                                                                            \n
                                                                                          • Choose an OCI region where OCIR and the selected container runtime service are available.<\/li>\n
                                                                                          • If \u201cContainer Instances\u201d is not available in your region\/tenancy, use OKE<\/strong> or Compute + Docker<\/strong> as an alternative (not identical, but executable).<\/li>\n<\/ul>\n\n\n\n
                                                                                            Quotas\/limits<\/h4>\n\n\n\n
                                                                                              \n
                                                                                            • Service limits may restrict number of container instances, VCNs, or load balancers.<\/li>\n
                                                                                            • Check: OCI Console \u2192 Governance \u2192 Limits, Quotas (naming may vary\u2014verify).<\/li>\n<\/ul>\n\n\n\n
                                                                                              Prerequisite services<\/h4>\n\n\n\n
                                                                                                \n
                                                                                              • VCN with subnet(s)<\/li>\n
                                                                                              • OCIR repository (or a public registry image)<\/li>\n
                                                                                              • Logging (recommended)<\/li>\n<\/ul>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                Current pricing model (how to think about it)<\/h3>\n\n\n\n
                                                                                                Because Application Container<\/strong> is widely associated with a legacy Oracle Cloud Classic<\/strong> service, pricing can be confusing:<\/p>\n\n\n\n
                                                                                                  \n
                                                                                                • Legacy (Classic) Application Container pricing:<\/strong> historically offered in metered\/non-metered models. Do not assume those SKUs are still purchasable or publicly listed. Verify in your Oracle contract and Classic pricing references available to your account.<\/strong><\/li>\n
                                                                                                • OCI-native approach pricing:<\/strong> you pay for the OCI services you use:<\/li>\n
                                                                                                • Container runtime (CPU\/memory time)<\/li>\n
                                                                                                • Networking (Load Balancer, outbound data transfer)<\/li>\n
                                                                                                • Registry storage and requests<\/li>\n
                                                                                                • Logging ingestion and retention (depending on configuration)<\/li>\n
                                                                                                • Any dependent data services (DB, Object Storage, Streaming)<\/li>\n<\/ul>\n\n\n\n
                                                                                                  Official pricing sources (start here)<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Oracle Cloud Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n
                                                                                                  • Oracle Cloud Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n
                                                                                                  • OCI Price List (often linked from pricing pages): https:\/\/www.oracle.com\/cloud\/price-list\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                    Pricing dimensions (OCI-native \u201cApplication Container\u201d pattern)<\/h3>\n\n\n\n
                                                                                                    The exact dimensions vary by service and region, but commonly include:<\/p>\n\n\n\n
                                                                                                      \n
                                                                                                    1. \n
                                                                                                      Compute for container runtime<\/strong>\n   – Billed by allocated CPU (OCPU\/vCPU) and memory per time unit\n   – Some runtimes may bill for provisioned capacity even when idle (verify)<\/p>\n<\/li>\n
                                                                                                    2. \n
                                                                                                      Load Balancer<\/strong>\n   – Hourly LB cost + bandwidth\/LCU-style usage (model varies\u2014verify in OCI LB pricing)<\/p>\n<\/li>\n
                                                                                                    3. \n
                                                                                                      Container registry (OCIR)<\/strong>\n   – Storage used by images\n   – Data transfer when pulling\/pushing images (especially cross-region)\n   – Requests\/operations may be priced (verify)<\/p>\n<\/li>\n
                                                                                                    4. \n
                                                                                                      Logging and Monitoring<\/strong>\n   – Log ingestion volume and retention can cost money depending on SKU\/config\n   – Metrics\/alarm features may have free quotas; verify<\/p>\n<\/li>\n
                                                                                                    5. \n
                                                                                                      Network egress<\/strong>\n   – Outbound data transfer to the internet is often a meaningful cost driver\n   – Cross-region data transfer can also cost money<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                      Free tier considerations<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • OCI Free Tier: https:\/\/www.oracle.com\/cloud\/free\/<\/li>\n
                                                                                                      • Free eligibility varies by region and service. Confirm whether Container Instances and Load Balancer usage is included or discounted.<\/strong><\/li>\n<\/ul>\n\n\n\n
                                                                                                        Key cost drivers<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Always-on workloads with high CPU\/memory allocation<\/li>\n
                                                                                                        • Public-facing services with high outbound bandwidth<\/li>\n
                                                                                                        • Frequent deployments pulling large images repeatedly<\/li>\n
                                                                                                        • High-volume logs (debug logging in production)<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • CI\/CD runners<\/strong> (if self-hosted) and build minutes (if using external platforms)<\/li>\n
                                                                                                          • Image storage growth<\/strong> from unpruned tags<\/li>\n
                                                                                                          • Vulnerability scanning<\/strong> tooling (if not included) and operational overhead<\/li>\n
                                                                                                          • Data services<\/strong> (DB, cache) often dominate runtime costs<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • Keep container runtime and database in the same region to avoid cross-region data charges and latency.<\/li>\n
                                                                                                            • Consider private endpoints and avoid routing internal traffic over the public internet.<\/li>\n<\/ul>\n\n\n\n
                                                                                                              How to optimize cost<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Right-size CPU\/memory; measure before scaling up.<\/li>\n
                                                                                                              • Use autoscaling only where it truly reduces cost (some models scale capacity up but do not reduce to zero\u2014verify).<\/li>\n
                                                                                                              • Keep images small (multi-stage builds, slim base images).<\/li>\n
                                                                                                              • Reduce log verbosity; set retention policies.<\/li>\n
                                                                                                              • Use private networking to avoid unnecessary egress.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                                                A minimal starter setup typically includes:\n– 1 small container runtime instance (low CPU\/memory)\n– No load balancer (direct test endpoint) or a single small LB (if required)\n– Small OCIR repository with one image\n– Basic logging<\/p>\n\n\n\n
                                                                                                                Because prices vary by region and service SKU, use:\n– OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html\nSelect your region, then add:\n– Container runtime service (Container Instances or OKE worker nodes)\n– Load Balancer (if used)\n– OCIR storage estimate (e.g., a few GB)\n– Expected outbound bandwidth (GB\/month)<\/p>\n\n\n\n
                                                                                                                Example production cost considerations<\/h3>\n\n\n\n
                                                                                                                In production, cost is usually dominated by:\n– multiple replicas for availability\n– a load balancer (often required)\n– outbound data transfer\n– database tier and storage\/IO\n– logging volume and retention\n– non-prod environments that are left running 24\/7<\/p>\n\n\n\n
                                                                                                                A practical governance approach:\n– Tag all resources with environment<\/code>, application<\/code>, owner<\/code>, cost-center<\/code>\n– Use budgets and alerts (OCI Budgets\u2014verify service availability)<\/p>\n\n\n\n
                                                                                                                \n\n\n\n
                                                                                                                10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                                This lab shows a modern, executable<\/strong> \u201cApplication Container\u201d deployment pattern on Oracle Cloud (OCI)<\/strong> using:\n– OCI Registry (OCIR)<\/strong> to store your image\n– OCI Container Instances<\/strong> to run the container (or the closest equivalent available in your tenancy)<\/p>\n\n\n\n
                                                                                                                If OCI Container Instances<\/strong> is not available in your region\/tenancy, use OKE<\/strong> (more complex) or Compute + Docker<\/strong> (more manual). The image build\/push steps still apply.<\/p>\n\n\n\n
                                                                                                                Objective<\/h3>\n\n\n\n
                                                                                                                Build and deploy a small containerized web API (\u201chello\u201d) to Oracle Cloud so it runs as a managed container workload and is reachable over HTTP for validation.<\/p>\n\n\n\n
                                                                                                                Lab Overview<\/h3>\n\n\n\n
                                                                                                                You will:\n1. Create (or choose) an OCI compartment and network (VCN + subnet).\n2. Create an OCIR repository and push a container image.\n3. Deploy the image to a managed container runtime (OCI Container Instances).\n4. Validate the service endpoint and view logs.\n5. Clean up resources to avoid ongoing charges.<\/p>\n\n\n\n
                                                                                                                Step 1: Prepare your OCI compartment and region<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                1. Sign in to the OCI Console<\/strong>.<\/li>\n
                                                                                                                2. Choose the region<\/strong> you will use (top-right region selector).<\/li>\n
                                                                                                                3. Create or select a compartment<\/strong> for the lab, for example: lab-application-container<\/code>.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                  Expected outcome:<\/strong> You have a compartment to isolate resources and costs.<\/p>\n\n\n\n
                                                                                                                  Verification:<\/strong>\n– You can see the compartment in the compartment selector.\n– You have permission to create networking and registry resources in it.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 2: Create a VCN and a public subnet (for a simple demo)<\/h3>\n\n\n\n
                                                                                                                  For a beginner-friendly demo, use a VCN with a public subnet so you can test from your laptop. For production, prefer a private subnet + load balancer.<\/p>\n\n\n\n
                                                                                                                    \n
                                                                                                                  1. In OCI Console, go to Networking \u2192 Virtual Cloud Networks<\/strong>.<\/li>\n
                                                                                                                  2. Create VCN.<\/li>\n
                                                                                                                  3. Choose VCN with Internet Connectivity<\/strong> (wizard naming may vary; verify).<\/li>\n
                                                                                                                  4. Ensure you get:\n   – a VCN\n   – an Internet Gateway<\/strong>\n   – a public subnet<\/strong>\n   – a route table that routes 0.0.0.0\/0<\/code> to the Internet Gateway<\/li>\n<\/ol>\n\n\n\n
                                                                                                                    Expected outcome:<\/strong> A VCN exists with a public subnet capable of inbound\/outbound internet connectivity.<\/p>\n\n\n\n
                                                                                                                    Verification:<\/strong>\n– Subnet is marked public (or has route via Internet Gateway).\n– Route table includes 0.0.0.0\/0 -> Internet Gateway<\/code>.<\/p>\n\n\n\n
                                                                                                                    Security rule setup (important):<\/strong>\n– Add an ingress rule (Security List or NSG depending on your design) to allow TCP 8080<\/strong> from your IP for the lab:\n  – Source: your-public-ip\/32<\/code> (recommended)\n  – Destination port: 8080<\/code>\n  – Protocol: TCP<\/p>\n\n\n\n
                                                                                                                    If you cannot restrict to your IP, use 0.0.0.0\/0<\/code> temporarily only for this lab<\/strong>, then remove it.<\/p>\n\n\n\n
                                                                                                                    Expected outcome:<\/strong> Network rules allow inbound access to port 8080.<\/p>\n\n\n\n
                                                                                                                    \n\n\n\n
                                                                                                                    Step 3: Create an OCIR repository<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    1. In OCI Console, navigate to Developer Services<\/strong> \u2192 Container Registry (OCIR)<\/strong> (menu names vary; you can also search for \u201cRegistry\u201d).<\/li>\n
                                                                                                                    2. Create a new repository, for example:\n   – Repository name: hello-application-container<\/code>\n   – Visibility: Private<\/strong> (recommended)<\/li>\n<\/ol>\n\n\n\n
                                                                                                                      Expected outcome:<\/strong> A private OCIR repository exists.<\/p>\n\n\n\n
                                                                                                                      Verification:<\/strong>\n– Repository shows up in OCIR with an empty tag list initially.<\/p>\n\n\n\n
                                                                                                                      \n\n\n\n
                                                                                                                      Step 4: Create an Auth Token for OCIR (for Docker login)<\/h3>\n\n\n\n
                                                                                                                      OCIR commonly uses an Auth Token<\/strong> for Docker CLI authentication.<\/p>\n\n\n\n
                                                                                                                        \n
                                                                                                                      1. Go to Profile \u2192 User settings (top-right user menu).<\/li>\n
                                                                                                                      2. Find Auth Tokens<\/strong>.<\/li>\n
                                                                                                                      3. Generate a new token (save it securely; you typically can\u2019t view it again).<\/li>\n<\/ol>\n\n\n\n
                                                                                                                        Expected outcome:<\/strong> You have an auth token string.<\/p>\n\n\n\n
                                                                                                                        Verification:<\/strong>\n– Token appears in your Auth Tokens list.<\/p>\n\n\n\n
                                                                                                                        Security note:<\/strong> Treat auth tokens like passwords. Prefer short-lived tokens and least privilege.<\/p>\n\n\n\n
                                                                                                                        \n\n\n\n
                                                                                                                        Step 5: Build a tiny web app and container image locally<\/h3>\n\n\n\n
                                                                                                                        Create a folder hello-app<\/code> with two files.<\/p>\n\n\n\n
                                                                                                                        app.py<\/code><\/h4>\n\n\n\n
                                                                                                                        from flask import Flask\nimport os\n\napp = Flask(__name__)\n\n@app.get(\"\/\")\ndef hello():\n    name = os.getenv(\"NAME\", \"Oracle Cloud\")\n    return {\"message\": f\"Hello from Application Container pattern on {name}!\"}\n\nif __name__ == \"__main__\":\n    # Container Instances typically expects you to bind to 0.0.0.0\n    app.run(host=\"0.0.0.0\", port=8080)\n<\/code><\/pre>\n\n\n\n
                                                                                                                        requirements.txt<\/code><\/h4>\n\n\n\n
                                                                                                                        flask==3.0.3\n<\/code><\/pre>\n\n\n\n
                                                                                                                        Dockerfile<\/code><\/h4>\n\n\n\n
                                                                                                                        FROM python:3.12-slim\n\nWORKDIR \/app\nCOPY requirements.txt .\nRUN pip install --no-cache-dir -r requirements.txt\n\nCOPY app.py .\n\nENV PORT=8080\nEXPOSE 8080\n\nCMD [\"python\", \"app.py\"]\n<\/code><\/pre>\n\n\n\n
                                                                                                                        Build the image:<\/p>\n\n\n\n
                                                                                                                        cd hello-app\ndocker build -t hello-application-container:1.0 .\n<\/code><\/pre>\n\n\n\n
                                                                                                                        Run locally to confirm:<\/p>\n\n\n\n
                                                                                                                        docker run --rm -p 8080:8080 -e NAME=\"Oracle Cloud\" hello-application-container:1.0\n<\/code><\/pre>\n\n\n\n
                                                                                                                        Test:<\/p>\n\n\n\n
                                                                                                                        curl http:\/\/localhost:8080\/\n<\/code><\/pre>\n\n\n\n
                                                                                                                        Expected outcome:<\/strong>\n– You receive a JSON response like:\n  – {\"message\":\"Hello from Application Container pattern on Oracle Cloud!\"}<\/code><\/p>\n\n\n\n
                                                                                                                        Verification:<\/strong>\n– The container logs show Flask listening on 0.0.0.0:8080<\/code>.<\/p>\n\n\n\n
                                                                                                                        \n\n\n\n
                                                                                                                        Step 6: Log in to OCIR and push the image<\/h3>\n\n\n\n
                                                                                                                        OCIR registry endpoints are region-specific and tenancy-specific. The exact registry URL format can vary (for example, includes a region key and tenancy namespace). Use the OCIR console \u201cView Login Instructions\u201d (or similar) to get the exact commands for your region.<\/strong><\/p>\n\n\n\n
                                                                                                                        Typical flow:<\/p>\n\n\n\n
                                                                                                                          \n
                                                                                                                        1. Get your OCIR namespace (shown in the OCIR console).<\/li>\n
                                                                                                                        2. Identify the OCIR registry endpoint for your region (shown in login instructions).<\/li>\n
                                                                                                                        3. Docker login using:\n   – Username: often in the form tenancy-namespace\/oracleidentitycloudservice\/your.user@company.com<\/code> (format varies\u2014verify)\n   – Password: the auth token you created<\/li>\n<\/ol>\n\n\n\n
                                                                                                                          Example pattern (VERIFY and replace with your values):<\/p>\n\n\n\n
                                                                                                                          docker login <region-key>.ocir.io\n<\/code><\/pre>\n\n\n\n
                                                                                                                          Tag your image for OCIR (VERIFY registry\/namespace\/repo):<\/p>\n\n\n\n
                                                                                                                          docker tag hello-application-container:1.0 <region-key>.ocir.io\/<ocir-namespace>\/hello-application-container:1.0\n<\/code><\/pre>\n\n\n\n
                                                                                                                          Push:<\/p>\n\n\n\n
                                                                                                                          docker push <region-key>.ocir.io\/<ocir-namespace>\/hello-application-container:1.0\n<\/code><\/pre>\n\n\n\n
                                                                                                                          Expected outcome:<\/strong> The image is uploaded and visible in OCIR with tag 1.0<\/code>.<\/p>\n\n\n\n
                                                                                                                          Verification:<\/strong>\n– In OCIR console, open the repository and confirm the tag is present.\n– The image size and digest are shown.<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Step 7: Deploy the image to OCI Container Instances (runtime)<\/h3>\n\n\n\n
                                                                                                                          Console navigation varies; use the search bar for \u201cContainer Instances\u201d<\/strong>.<\/p>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. Go to Container Instances<\/strong>.<\/li>\n
                                                                                                                          2. Create a new container instance with:\n   – Compartment: lab-application-container<\/code>\n   – Name: hello-ci-1<\/code>\n   – VCN\/subnet: select your public subnet created earlier\n   – Image source: OCIR<\/strong> and select your repository\/tag\n   – Container port: 8080<\/code>\n   – Environment variables:
                                                                                                                              \n
                                                                                                                            • NAME=Oracle Cloud<\/code><\/li>\n
                                                                                                                            • Public IP:<\/li>\n
                                                                                                                            • Enable if you want direct public testing (lab only)<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                              Expected outcome:<\/strong> A container instance is created and transitions to a running\/active state.<\/p>\n\n\n\n
                                                                                                                              Verification:<\/strong>\n– Container instance lifecycle state is \u201cRunning\u201d (wording may differ).\n– It shows an assigned private IP and (if enabled) a public IP.<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Step 8: Test the deployed service<\/h3>\n\n\n\n
                                                                                                                              If you enabled a public IP, test it:<\/p>\n\n\n\n
                                                                                                                              curl http:\/\/<PUBLIC_IP>:8080\/\n<\/code><\/pre>\n\n\n\n
                                                                                                                              Expected outcome:<\/strong> You receive the same JSON message from Oracle Cloud.<\/p>\n\n\n\n
                                                                                                                              Verification checklist:<\/strong>\n– HTTP 200 response\n– Correct JSON payload\n– Container instance metrics\/logs show activity (if enabled)<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Step 9: View logs (and confirm operational visibility)<\/h3>\n\n\n\n
                                                                                                                              Depending on your setup, you may:\n– view logs in the container instance details page, or\n– configure OCI Logging to collect container logs<\/p>\n\n\n\n
                                                                                                                              Check:\n– OCI Console \u2192 Logging \u2192 Log Explorer (if configured)\n– Container instance details \u2192 Logs (if present)<\/p>\n\n\n\n
                                                                                                                              Expected outcome:<\/strong> You can see request logs and application startup logs.<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Validation<\/h3>\n\n\n\n
                                                                                                                              You have successfully implemented an \u201cApplication Container\u201d runtime pattern on Oracle Cloud if:\n– The container image exists in OCIR\n– The container runtime is running the image\n– You can curl<\/code> the endpoint and receive a valid response\n– You can access logs for basic troubleshooting<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Troubleshooting<\/h3>\n\n\n\n
                                                                                                                              Issue: docker login<\/code> fails (401 Unauthorized)<\/h4>\n\n\n\n
                                                                                                                              Common causes<\/strong>\n– Using your OCI console password instead of an Auth Token\n– Wrong OCIR endpoint\/region key\n– Wrong username format<\/p>\n\n\n\n
                                                                                                                              Fix<\/strong>\n– Re-check OCIR \u201clogin instructions\u201d in the console\n– Create a new Auth Token and retry\n– Confirm your user has permissions to access OCIR in the compartment\/tenancy<\/p>\n\n\n\n
                                                                                                                              Issue: Push succeeds, but runtime can\u2019t pull image<\/h4>\n\n\n\n
                                                                                                                              Common causes<\/strong>\n– Repository is private and runtime lacks permission\n– Incorrect image tag specified\n– Network egress blocked<\/p>\n\n\n\n
                                                                                                                              Fix<\/strong>\n– Verify repository visibility and IAM permissions\n– Confirm the exact image reference\n– Ensure the runtime subnet has required routing (and NAT\/IGW if needed)<\/p>\n\n\n\n
                                                                                                                              Issue: curl<\/code> times out<\/h4>\n\n\n\n
                                                                                                                              Common causes<\/strong>\n– Ingress rule missing for port 8080\n– Public IP not enabled\n– App bound to 127.0.0.1<\/code> instead of 0.0.0.0<\/code><\/p>\n\n\n\n
                                                                                                                              Fix<\/strong>\n– Add\/verify security list or NSG rule for TCP 8080\n– Confirm the runtime has a public IP for direct testing\n– Ensure app listens on 0.0.0.0<\/code> (as in this lab)<\/p>\n\n\n\n
                                                                                                                              Issue: Container starts then stops<\/h4>\n\n\n\n
                                                                                                                              Common causes<\/strong>\n– App crashes due to missing dependencies\n– Wrong command\/port\n– Not enough memory<\/p>\n\n\n\n
                                                                                                                              Fix<\/strong>\n– Review container logs\n– Run the same container locally\n– Increase memory allocation (and then optimize later)<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Cleanup<\/h3>\n\n\n\n
                                                                                                                              To avoid charges, delete resources created in this lab:<\/p>\n\n\n\n
                                                                                                                                \n
                                                                                                                              1. Delete the container instance<\/strong>.<\/li>\n
                                                                                                                              2. Delete the OCIR repository<\/strong> (and images).<\/li>\n
                                                                                                                              3. Delete the VCN<\/strong> (wizard-created VCN deletion typically removes sub-resources; verify dependencies).<\/li>\n
                                                                                                                              4. Delete any log groups\/logs<\/strong> created specifically for the lab.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                Expected outcome:<\/strong> No billable resources remain for the tutorial.<\/p>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                11. Best Practices<\/h2>\n\n\n\n
                                                                                                                                Architecture best practices<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Prefer stateless<\/strong> services; store state in managed services (DB, Object Storage).<\/li>\n
                                                                                                                                • Put production workloads in private subnets<\/strong>; use a Load Balancer for ingress.<\/li>\n
                                                                                                                                • Design for multi-AZ\/AD<\/strong> patterns where applicable (OCI constructs vary; verify per region\/service).<\/li>\n
                                                                                                                                • Use health checks<\/strong> and graceful shutdown in your app.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Use least-privilege IAM policies scoped to compartments.<\/li>\n
                                                                                                                                  • Separate duties:<\/li>\n
                                                                                                                                  • developers can push images to specific repos<\/li>\n
                                                                                                                                  • platform team controls runtime creation and networking<\/li>\n
                                                                                                                                  • Rotate auth tokens and credentials regularly.<\/li>\n
                                                                                                                                  • Use dynamic groups<\/strong> and instance principals\/service principals where possible (verify support for your runtime service).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Cost best practices<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Right-size CPU\/memory; start small and measure.<\/li>\n
                                                                                                                                    • Remove unused images\/tags in OCIR (lifecycle policies if available\u2014verify).<\/li>\n
                                                                                                                                    • Use budgets\/alerts and tags for chargeback.<\/li>\n
                                                                                                                                    • Avoid excessive logging; set retention.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Performance best practices<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Use small images; multi-stage builds.<\/li>\n
                                                                                                                                      • Cache dependencies at build time.<\/li>\n
                                                                                                                                      • Add app-level metrics (OpenTelemetry\/Prometheus patterns) and track latency\/throughput.<\/li>\n
                                                                                                                                      • Use connection pooling for DB access.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Reliability best practices<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Run multiple replicas behind a load balancer for critical services.<\/li>\n
                                                                                                                                        • Implement retries with backoff for downstream calls.<\/li>\n
                                                                                                                                        • Use timeouts and circuit breakers.<\/li>\n
                                                                                                                                        • Keep deployments reversible (version tags, rollback playbook).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Operations best practices<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Centralize logs and standardize log fields (service name, version, request-id).<\/li>\n
                                                                                                                                          • Set alarms on:<\/li>\n
                                                                                                                                          • container restarts\/crash loops<\/li>\n
                                                                                                                                          • high latency \/ 5xx at the edge<\/li>\n
                                                                                                                                          • CPU\/memory saturation<\/li>\n
                                                                                                                                          • Create runbooks for common failures (image pull errors, network rules, quota limits).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Naming:<\/li>\n
                                                                                                                                            • env-app-component<\/code> (e.g., prod-payments-api<\/code>)<\/li>\n
                                                                                                                                            • Tags:<\/li>\n
                                                                                                                                            • environment=dev|stage|prod<\/code><\/li>\n
                                                                                                                                            • application=hello<\/code><\/li>\n
                                                                                                                                            • owner=email\/team<\/code><\/li>\n
                                                                                                                                            • cost-center=...<\/code><\/li>\n
                                                                                                                                            • Use compartments per environment and per team for clarity and blast-radius control.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              \n\n\n\n
                                                                                                                                              12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                              Identity and access model<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • OCI uses IAM policies<\/strong> evaluated against groups<\/strong>, dynamic groups<\/strong>, and resource principals<\/strong>.<\/li>\n
                                                                                                                                              • Control access to:<\/li>\n
                                                                                                                                              • OCIR repositories (push\/pull)<\/li>\n
                                                                                                                                              • runtime creation\/update<\/li>\n
                                                                                                                                              • logs and metrics visibility<\/li>\n
                                                                                                                                              • Prefer automation identities for CI\/CD rather than personal user accounts.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                IAM docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/p>\n\n\n\n
                                                                                                                                                Encryption<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Data at rest encryption is generally provided by OCI for managed services (verify per service).<\/li>\n
                                                                                                                                                • Data in transit:<\/li>\n
                                                                                                                                                • Use TLS end-to-end where possible<\/li>\n
                                                                                                                                                • Terminate TLS at an OCI Load Balancer for simpler cert management (or use mTLS patterns if required\u2014verify)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Network exposure<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Avoid public IPs in production.<\/li>\n
                                                                                                                                                  • Use:<\/li>\n
                                                                                                                                                  • private subnets for workloads<\/li>\n
                                                                                                                                                  • Load Balancer\/WAF\/API Gateway for ingress control<\/li>\n
                                                                                                                                                  • tightly scoped security rules (source IP restrictions)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Secrets handling<\/h3>\n\n\n\n
                                                                                                                                                    Common mistakes:\n– baking secrets into container images\n– putting secrets directly into environment variables stored in plaintext configs<\/p>\n\n\n\n
                                                                                                                                                    Recommendations:\n– Use OCI Vault<\/strong> for secrets, keys, and certificates.\n– Inject secrets at runtime using a supported secret delivery method (depends on runtime; verify).\n– Rotate secrets and audit access.<\/p>\n\n\n\n
                                                                                                                                                    Vault docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/KeyManagement\/home.htm<\/p>\n\n\n\n
                                                                                                                                                    Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Enable OCI Audit<\/strong> (generally enabled by default for OCI API calls; verify) and review:<\/li>\n
                                                                                                                                                    • who deployed<\/li>\n
                                                                                                                                                    • what changed<\/li>\n
                                                                                                                                                    • when changes occurred<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Audit docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm\nLogging docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Logging\/home.htm<\/p>\n\n\n\n
                                                                                                                                                      Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Ensure data residency requirements are met by choosing the correct region.<\/li>\n
                                                                                                                                                      • Use compartment separation and IAM controls to enforce environment boundaries.<\/li>\n
                                                                                                                                                      • For regulated workloads, document:<\/li>\n
                                                                                                                                                      • encryption controls<\/li>\n
                                                                                                                                                      • access reviews<\/li>\n
                                                                                                                                                      • logging retention<\/li>\n
                                                                                                                                                      • incident response procedures<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Use signed images or provenance where possible (tooling-dependent; verify OCI support).<\/li>\n
                                                                                                                                                        • Scan images for vulnerabilities in CI (and optionally in registry if supported\u2014verify).<\/li>\n
                                                                                                                                                        • Use minimal base images and pinned versions.<\/li>\n
                                                                                                                                                        • Run as non-root in containers where possible.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          \n\n\n\n
                                                                                                                                                          13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                          Known limitations (practical)<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Legacy ambiguity:<\/strong> \u201cApplication Container\u201d often refers to a Classic<\/strong> service that may be retired or unavailable for new accounts.<\/li>\n
                                                                                                                                                          • Feature variance by runtime:<\/strong> OCI Container Instances vs OKE vs Compute+Docker have different capabilities and operational responsibilities.<\/li>\n
                                                                                                                                                          • Ingress design:<\/strong> Direct public IP testing is easy, but production-grade ingress usually needs a Load Balancer and careful security controls.<\/li>\n
                                                                                                                                                          • Stateful workloads:<\/strong> Containers are best for stateless services; persistent disks and state introduce complexity (use DB\/Object Storage).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Quotas<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Limits can block creation of:<\/li>\n
                                                                                                                                                            • container instances<\/li>\n
                                                                                                                                                            • VCNs\/subnets<\/li>\n
                                                                                                                                                            • load balancers<\/li>\n
                                                                                                                                                            • public IPs\nCheck limits in OCI Console (Governance).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              Regional constraints<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Not every OCI service is available in every region.<\/li>\n
                                                                                                                                                              • Some features arrive region-by-region. Always verify the region\u2019s service availability.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • Load balancers and outbound bandwidth can dwarf compute costs.<\/li>\n
                                                                                                                                                                • Logging ingestion\/retention can become expensive at scale if not controlled.<\/li>\n
                                                                                                                                                                • Pulling large images repeatedly (especially cross-region) can increase network cost.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • Containers requiring privileged mode, special kernel modules, or host networking may not run in managed runtimes.<\/li>\n
                                                                                                                                                                  • Some runtimes restrict writable filesystem paths; design apps accordingly.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Misconfigured security lists\/NSGs are the #1 reason endpoints \u201cdon\u2019t work\u201d.<\/li>\n
                                                                                                                                                                    • Image pull failures often trace back to IAM permissions or wrong OCIR reference.<\/li>\n
                                                                                                                                                                    • Large images slow deployments; keep them lean.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Migration challenges<\/h3>\n\n\n\n
                                                                                                                                                                      If you\u2019re migrating from Oracle Cloud Classic \u201cApplication Container\u201d:\n– Expect changes in identity model (Classic identity domain vs OCI IAM\/compartments).\n– Networking models differ; plan VCN\/subnet and routing carefully.\n– Rebuild CI\/CD pipelines to target OCIR and OCI runtime APIs.<\/p>\n\n\n\n
                                                                                                                                                                      \n\n\n\n
                                                                                                                                                                      14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                                      Options to consider<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Within Oracle Cloud (OCI):<\/strong><\/li>\n
                                                                                                                                                                      • OCI Container Instances (closest \u201crun my container\u201d experience)<\/li>\n
                                                                                                                                                                      • OCI Container Engine for Kubernetes (OKE)<\/li>\n
                                                                                                                                                                      • OCI Functions<\/li>\n
                                                                                                                                                                      • OCI Compute + self-managed Docker<\/li>\n
                                                                                                                                                                      • Other clouds:<\/strong><\/li>\n
                                                                                                                                                                      • AWS App Runner, ECS\/Fargate<\/li>\n
                                                                                                                                                                      • Azure Container Apps \/ AKS<\/li>\n
                                                                                                                                                                      • Google Cloud Run \/ GKE<\/li>\n
                                                                                                                                                                      • Open-source\/self-managed:<\/strong><\/li>\n
                                                                                                                                                                      • Kubernetes (self-managed)<\/li>\n
                                                                                                                                                                      • Nomad<\/li>\n
                                                                                                                                                                      • Docker Swarm (less common)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        Comparison table<\/h3>\n\n\n\n
                                                                                                                                                                        \n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                        Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                        Oracle Cloud \u2013 Application Container (Classic legacy)<\/strong><\/td>\nExisting Classic customers<\/td>\nPaaS-style simplicity (historically)<\/td>\nMay be legacy\/retired; limited new adoption<\/td>\nOnly if your org already uses it and it\u2019s still supported for you<\/td>\n<\/tr>\n
                                                                                                                                                                        OCI Container Instances<\/strong><\/td>\nSimple containerized services without Kubernetes<\/td>\nMinimal ops; quick deploy; integrates with OCI IAM\/VCN<\/td>\nLess control than Kubernetes; feature set depends on service<\/td>\nDefault choice for \u201crun a container\u201d on OCI if available<\/td>\n<\/tr>\n
                                                                                                                                                                        OCI Container Engine for Kubernetes (OKE)<\/strong><\/td>\nPlatform teams, complex microservices, Kubernetes ecosystem<\/td>\nKubernetes flexibility; ecosystem tools; advanced scheduling<\/td>\nOperational complexity; cluster management<\/td>\nChoose when you need Kubernetes primitives and integrations<\/td>\n<\/tr>\n
                                                                                                                                                                        OCI Functions<\/strong><\/td>\nEvent-driven workloads, spiky traffic<\/td>\nServerless model; per-invocation patterns<\/td>\nRuntime\/time limits; not ideal for long-running services<\/td>\nChoose for async\/event-based execution<\/td>\n<\/tr>\n
                                                                                                                                                                        OCI Compute + Docker<\/strong><\/td>\nMaximum control, specialized workloads<\/td>\nFull OS control; broad compatibility<\/td>\nYou manage patching, scaling, host security<\/td>\nChoose when managed runtimes don\u2019t support your needs<\/td>\n<\/tr>\n
                                                                                                                                                                        AWS App Runner \/ ECS Fargate<\/strong><\/td>\nManaged containers on AWS<\/td>\nMature ecosystem; multiple runtime choices<\/td>\nVendor differences; networking\/IAM changes<\/td>\nChoose if workloads are primarily AWS-based<\/td>\n<\/tr>\n
                                                                                                                                                                        Azure Container Apps<\/strong><\/td>\nManaged containers on Azure<\/td>\nGood developer experience; KEDA scaling<\/td>\nAzure-specific operational model<\/td>\nChoose if workloads are primarily Azure-based<\/td>\n<\/tr>\n
                                                                                                                                                                        Google Cloud Run<\/strong><\/td>\nServerless containers<\/td>\nVery simple deploy; scale-to-zero patterns<\/td>\nPlatform constraints; Google-specific<\/td>\nChoose for HTTP workloads with bursty traffic<\/td>\n<\/tr>\n
                                                                                                                                                                        Self-managed Kubernetes<\/strong><\/td>\nFull control across environments<\/td>\nPortability; no managed-service constraints<\/td>\nHighest ops cost; steep learning curve<\/td>\nChoose when you must control everything and accept ops overhead<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                        \n\n\n\n
                                                                                                                                                                        15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                                        Enterprise example: Internal API modernization with controlled network access<\/h3>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • Problem:<\/strong> A finance enterprise is decomposing a monolith into internal microservices. Services must be reachable only within corporate networks, with strict auditability.<\/li>\n
                                                                                                                                                                        • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                        • Container images stored in OCIR<\/strong><\/li>\n
                                                                                                                                                                        • Services deployed to OCI Container Instances<\/strong> (or OKE if Kubernetes standards are mandated)<\/li>\n
                                                                                                                                                                        • Workloads run in private subnets<\/strong><\/li>\n
                                                                                                                                                                        • Ingress via OCI Load Balancer<\/strong> (internal) and corporate connectivity (VPN\/FastConnect)<\/li>\n
                                                                                                                                                                        • Secrets in OCI Vault<\/strong><\/li>\n
                                                                                                                                                                        • Logs in OCI Logging<\/strong>, alarms in OCI Monitoring<\/strong>, audit via OCI Audit<\/strong><\/li>\n
                                                                                                                                                                        • Why this service was chosen:<\/strong> The \u201cApplication Container\u201d approach standardizes deployment via images while avoiding host management; private networking aligns with security controls.<\/li>\n
                                                                                                                                                                        • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                        • Faster release cadence with consistent deployments<\/li>\n
                                                                                                                                                                        • Reduced attack surface (no public IPs)<\/li>\n
                                                                                                                                                                        • Better operational visibility and audit trails<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          Startup\/small-team example: Public SaaS API with minimal platform overhead<\/h3>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                          • Problem:<\/strong> A startup needs to ship a public API quickly with a small team and limited SRE bandwidth.<\/li>\n
                                                                                                                                                                          • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                          • Build\/push images to OCIR<\/strong><\/li>\n
                                                                                                                                                                          • Run API on OCI Container Instances<\/strong><\/li>\n
                                                                                                                                                                          • Public ingress via a single OCI Load Balancer<\/strong> (TLS termination)<\/li>\n
                                                                                                                                                                          • Use managed database (Autonomous Database or MySQL\u2014choice depends on app needs)<\/li>\n
                                                                                                                                                                          • Basic alarms for uptime and error rates<\/li>\n
                                                                                                                                                                          • Why this service was chosen:<\/strong> Containers provide portability and developer speed; managed runtime avoids building Kubernetes expertise early.<\/li>\n
                                                                                                                                                                          • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                          • Quick deployments, simpler operations<\/li>\n
                                                                                                                                                                          • Cost control via right-sizing and image optimization<\/li>\n
                                                                                                                                                                          • Clear migration path to OKE if complexity grows<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                            1) Is \u201cApplication Container\u201d an active OCI service today?<\/strong>\n\u201cApplication Container\u201d is often used to refer to Oracle Application Container Cloud Service (Classic)<\/strong>, which may be legacy\/retired for new onboarding. For OCI, similar functionality is typically delivered by OCI Container Instances<\/strong> or OKE<\/strong>. Verify in official Oracle docs for your tenancy.<\/strong><\/p>\n\n\n\n
                                                                                                                                                                            2) What is the closest OCI-native equivalent to Application Container?<\/strong>\nUsually OCI Container Instances<\/strong> for \u201crun my container\u201d simplicity, or OKE<\/strong> if you need Kubernetes.<\/p>\n\n\n\n
                                                                                                                                                                            3) Do I need Kubernetes to run containers on Oracle Cloud?<\/strong>\nNo. You can run containers using managed runtimes (if available) or on Compute instances with Docker. Kubernetes is optional.<\/p>\n\n\n\n
                                                                                                                                                                            4) Where should I store container images in Oracle Cloud?<\/strong>\nUse OCI Registry (OCIR)<\/strong> for private images and IAM-governed access.<\/p>\n\n\n\n
                                                                                                                                                                            5) How do I secure my container endpoint?<\/strong>\nPrefer private subnets; place an OCI Load Balancer in front; restrict ingress; use TLS; optionally use WAF\/API Gateway (verify) and strong IAM.<\/p>\n\n\n\n
                                                                                                                                                                            6) How do I manage secrets for container apps on OCI?<\/strong>\nUse OCI Vault<\/strong>. Avoid embedding secrets in images. The injection mechanism depends on your runtime\u2014verify.<\/p>\n\n\n\n
                                                                                                                                                                            7) What networking is required?<\/strong>\nAt minimum: a VCN, a subnet, and security rules allowing required ports. Production usually uses private subnets + LB + controlled egress.<\/p>\n\n\n\n
                                                                                                                                                                            8) What\u2019s the biggest cause of deployment failure?<\/strong>\nMisconfigured IAM permissions for pulling images from OCIR and misconfigured security lists\/NSGs for inbound traffic.<\/p>\n\n\n\n
                                                                                                                                                                            9) How do I monitor container health?<\/strong>\nUse OCI Monitoring metrics (service-provided) plus application metrics. Add alarms for availability and resource saturation.<\/p>\n\n\n\n
                                                                                                                                                                            10) Is there an Always Free option for this pattern?<\/strong>\nOCI Free Tier exists, but eligibility varies by service and region. Verify current free-tier coverage for Container Instances, LB, and Logging.<\/p>\n\n\n\n
                                                                                                                                                                            11) Can I run stateful workloads (databases) in Application Container?<\/strong>\nNot recommended. Use managed database services. Containers are best for stateless services.<\/p>\n\n\n\n
                                                                                                                                                                            12) How do I roll back a bad release?<\/strong>\nUse immutable tags\/versions; redeploy the prior image tag; keep a rollback runbook. Advanced traffic shifting typically requires LB-based patterns.<\/p>\n\n\n\n
                                                                                                                                                                            13) Do I need a load balancer for production?<\/strong>\nFor most production HTTP services, yes\u2014especially for TLS termination, stable ingress, and multi-instance distribution.<\/p>\n\n\n\n
                                                                                                                                                                            14) How do I reduce container image size?<\/strong>\nUse slim base images, multi-stage builds, remove build tools, and pin dependencies.<\/p>\n\n\n\n
                                                                                                                                                                            15) What\u2019s the migration path from legacy Classic Application Container?<\/strong>\nTypically: rebuild images \u2192 push to OCIR \u2192 deploy to OCI Container Instances or OKE \u2192 rework IAM\/networking\/observability to OCI constructs.<\/p>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            17. Top Online Resources to Learn Application Container<\/h2>\n\n\n\n
                                                                                                                                                                            The most reliable resources are OCI-native container runtime and registry docs, plus any legacy Classic docs your account still exposes.<\/p>\n\n\n\n
                                                                                                                                                                            \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                            Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Documentation<\/td>\nEntry point for all OCI services, including IAM, networking, logging, and container services: https:\/\/docs.oracle.com\/en-us\/iaas\/<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Container Engine for Kubernetes (OKE) docs<\/td>\nManaged Kubernetes reference and tutorials: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/ContEng\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Registry (OCIR) docs<\/td>\nHow to authenticate, push\/pull images, and manage repos: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Registry\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI IAM docs<\/td>\nPolicies, compartments, groups, dynamic groups: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Networking (VCN) docs<\/td>\nSubnets, security lists\/NSGs, gateways, routing: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/overview.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Logging docs<\/td>\nCentral logging and search: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Logging\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Monitoring docs<\/td>\nMetrics, alarms, notifications: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Monitoring\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official documentation<\/td>\nOCI Vault \/ Key Management docs<\/td>\nSecrets, keys, certs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/KeyManagement\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Official pricing page<\/td>\nOracle Cloud Pricing<\/td>\nOfficial pricing entry point: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<\/tr>\n
                                                                                                                                                                            Official cost tool<\/td>\nOracle Cloud Cost Estimator<\/td>\nBuild region-specific estimates without guessing: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n
                                                                                                                                                                            Architecture center<\/td>\nOracle Architecture Center<\/td>\nReference architectures and best practices: https:\/\/www.oracle.com\/cloud\/architecture\/<\/td>\n<\/tr>\n
                                                                                                                                                                            Official tutorials\/labs<\/td>\nOracle Cloud Free Tier \/ Getting Started<\/td>\nAccount setup and foundational labs: https:\/\/www.oracle.com\/cloud\/free\/<\/td>\n<\/tr>\n
                                                                                                                                                                            Official CLI docs<\/td>\nOCI CLI installation<\/td>\nAutomation and scripting reference: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<\/tr>\n
                                                                                                                                                                            Community learning<\/td>\nOracle Cloud Infrastructure blogs (official)<\/td>\nPractical patterns and updates (validate accuracy): https:\/\/blogs.oracle.com\/cloud-infrastructure\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                            If you specifically need Oracle Application Container Cloud Service (Classic)<\/strong> documentation and your account still provides it, use the documentation links available from within your Classic console. Availability and URLs can differ; verify in your account\u2019s official documentation hub<\/strong>.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                            The following institutes are provided as training options. Verify course outlines, instructors, and accreditation details on their websites.<\/p>\n\n\n\n
                                                                                                                                                                            1) DevOpsSchool.com<\/strong>\n– Suitable audience:<\/strong> DevOps engineers, SREs, platform engineers, developers\n– Likely learning focus:<\/strong> DevOps practices, CI\/CD, containers, Kubernetes, cloud fundamentals (including Oracle Cloud topics depending on catalog)\n– Mode:<\/strong> Online\/corporate\/self-paced\/live (check website)\n– Website:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n\n\n\n
                                                                                                                                                                            2) ScmGalaxy.com<\/strong>\n– Suitable audience:<\/strong> Beginners to intermediate DevOps practitioners\n– Likely learning focus:<\/strong> SCM, DevOps tooling, CI\/CD pipelines, automation fundamentals\n– Mode:<\/strong> Online\/corporate\/self-paced\/live (check website)\n– Website:<\/strong> https:\/\/www.scmgalaxy.com\/<\/p>\n\n\n\n
                                                                                                                                                                            3) CLoudOpsNow.in<\/strong>\n– Suitable audience:<\/strong> Cloud operations and DevOps engineers\n– Likely learning focus:<\/strong> Cloud operations, monitoring, automation, SRE-aligned practices\n– Mode:<\/strong> Check website\n– Website:<\/strong> https:\/\/cloudopsnow.in\/<\/p>\n\n\n\n
                                                                                                                                                                            4) SreSchool.com<\/strong>\n– Suitable audience:<\/strong> SREs, operations teams, reliability-focused engineers\n– Likely learning focus:<\/strong> SRE practices, observability, incident management, SLIs\/SLOs, reliability engineering\n– Mode:<\/strong> Check website\n– Website:<\/strong> https:\/\/sreschool.com\/<\/p>\n\n\n\n
                                                                                                                                                                            5) AiOpsSchool.com<\/strong>\n– Suitable audience:<\/strong> Ops teams adopting AIOps and automation\n– Likely learning focus:<\/strong> AIOps concepts, monitoring analytics, automation, incident reduction\n– Mode:<\/strong> Check website\n– Website:<\/strong> https:\/\/aiopsschool.com\/<\/p>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                            The following sites are provided as trainer\/platform directories. Verify trainer profiles and Oracle Cloud coverage on each site.<\/p>\n\n\n\n
                                                                                                                                                                            1) RajeshKumar.xyz<\/strong>\n– Likely specialization:<\/strong> DevOps\/cloud coaching (verify specific Oracle Cloud topics on site)\n– Suitable audience:<\/strong> Individuals and teams seeking guided training\n– Website:<\/strong> https:\/\/rajeshkumar.xyz\/<\/p>\n\n\n\n
                                                                                                                                                                            2) devopstrainer.in<\/strong>\n– Likely specialization:<\/strong> DevOps tooling, CI\/CD, containers, cloud fundamentals\n– Suitable audience:<\/strong> Beginners to intermediate engineers\n– Website:<\/strong> https:\/\/devopstrainer.in\/<\/p>\n\n\n\n
                                                                                                                                                                            3) devopsfreelancer.com<\/strong>\n– Likely specialization:<\/strong> Freelance DevOps consulting\/training engagements (verify offerings)\n– Suitable audience:<\/strong> Teams needing short-term expertise\n– Website:<\/strong> https:\/\/devopsfreelancer.com\/<\/p>\n\n\n\n
                                                                                                                                                                            4) devopssupport.in<\/strong>\n– Likely specialization:<\/strong> DevOps support and enablement (verify training vs support offerings)\n– Suitable audience:<\/strong> Ops\/DevOps teams needing hands-on guidance\n– Website:<\/strong> https:\/\/devopssupport.in\/<\/p>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                            The following companies are listed as consulting providers. Verify service scope, references, and statements of work directly with the vendor.<\/p>\n\n\n\n
                                                                                                                                                                            1) cotocus.com<\/strong>\n– Likely service area:<\/strong> Cloud\/DevOps consulting (verify Oracle Cloud specialism on site)\n– Where they may help:<\/strong> Architecture, migration planning, CI\/CD implementation, operations setup\n– Consulting use case examples:<\/strong>\n  – Container platform selection (Container Instances vs OKE)\n  – OCIR and IAM policy design\n  – VCN and ingress\/egress hardening\n– Website:<\/strong> https:\/\/cotocus.com\/<\/p>\n\n\n\n
                                                                                                                                                                            2) DevOpsSchool.com<\/strong>\n– Likely service area:<\/strong> DevOps consulting and training services\n– Where they may help:<\/strong> CI\/CD pipelines, containerization standards, operational readiness\n– Consulting use case examples:<\/strong>\n  – Container build and deployment pipelines to OCIR\n  – Observability setup (Logging\/Monitoring alarms)\n  – Governance\/tagging for cost control\n– Website:<\/strong> https:\/\/www.devopsschool.com\/<\/p>\n\n\n\n
                                                                                                                                                                            3) DEVOPSCONSULTING.IN<\/strong>\n– Likely service area:<\/strong> DevOps consulting services (verify Oracle Cloud coverage on site)\n– Where they may help:<\/strong> Toolchain integration, automation, SRE practices adoption\n– Consulting use case examples:<\/strong>\n  – Secure runtime deployment patterns in OCI\n  – Environment standardization (dev\/stage\/prod)\n  – Incident response and runbook development\n– Website:<\/strong> https:\/\/devopsconsulting.in\/<\/p>\n\n\n\n
                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                            21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                            What to learn before this service<\/h3>\n\n\n\n
                                                                                                                                                                            To succeed with an Application Container approach on Oracle Cloud, learn:\n– Linux and basic networking (DNS, routing, ports, TLS)\n– Containers:\n  – Dockerfiles, image tagging, registries\n  – container security basics (non-root, minimal images)\n– OCI fundamentals:\n  – compartments, IAM policies\n  – VCN, subnets, security lists\/NSGs\n  – OCIR basics<\/p>\n\n\n\n
                                                                                                                                                                            What to learn after this service<\/h3>\n\n\n\n
                                                                                                                                                                              \n
                                                                                                                                                                            • Advanced OCI networking (private endpoints, NAT, service gateways\u2014verify)<\/li>\n
                                                                                                                                                                            • Observability:<\/li>\n
                                                                                                                                                                            • structured logging<\/li>\n
                                                                                                                                                                            • metrics, tracing (OpenTelemetry patterns)<\/li>\n
                                                                                                                                                                            • Release engineering:<\/li>\n
                                                                                                                                                                            • blue\/green and canary patterns<\/li>\n
                                                                                                                                                                            • GitOps concepts<\/li>\n
                                                                                                                                                                            • Kubernetes (OKE) if your platform needs grow:<\/li>\n
                                                                                                                                                                            • Helm\/Kustomize<\/li>\n
                                                                                                                                                                            • Ingress controllers<\/li>\n
                                                                                                                                                                            • service mesh (only if justified)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                              Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                                                \n
                                                                                                                                                                              • Cloud Engineer (OCI)<\/li>\n
                                                                                                                                                                              • DevOps Engineer<\/li>\n
                                                                                                                                                                              • Site Reliability Engineer (SRE)<\/li>\n
                                                                                                                                                                              • Platform Engineer<\/li>\n
                                                                                                                                                                              • Solutions Architect<\/li>\n
                                                                                                                                                                              • Backend Developer (cloud-native)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                                                Oracle certification offerings change over time. Start here and verify current paths:\n– Oracle University: https:\/\/education.oracle.com\/\n– OCI certifications listing (verify current): search Oracle University for \u201cOCI certification\u201d.<\/p>\n\n\n\n
                                                                                                                                                                                Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                                  \n
                                                                                                                                                                                1. Deploy a REST API container with OCIR + runtime + alarms.<\/li>\n
                                                                                                                                                                                2. Add a database and implement migrations safely.<\/li>\n
                                                                                                                                                                                3. Add private networking and expose via Load Balancer only.<\/li>\n
                                                                                                                                                                                4. Implement CI\/CD: build \u2192 scan \u2192 push \u2192 deploy.<\/li>\n
                                                                                                                                                                                5. Add structured logs and a dashboard for latency\/error rate.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                  22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                                    \n
                                                                                                                                                                                  • OCI (Oracle Cloud Infrastructure):<\/strong> Oracle\u2019s current-generation cloud platform with IAM, VCN, compute, and managed services.<\/li>\n
                                                                                                                                                                                  • Oracle Cloud Classic:<\/strong> Earlier generation Oracle Cloud platform (legacy for many services).<\/li>\n
                                                                                                                                                                                  • Container image:<\/strong> Immutable package containing app code and dependencies.<\/li>\n
                                                                                                                                                                                  • OCIR (OCI Registry):<\/strong> Oracle\u2019s container registry service for storing container images.<\/li>\n
                                                                                                                                                                                  • Container runtime:<\/strong> The service that runs container images (e.g., Container Instances or Kubernetes nodes).<\/li>\n
                                                                                                                                                                                  • VCN (Virtual Cloud Network):<\/strong> A private network in OCI.<\/li>\n
                                                                                                                                                                                  • Subnet:<\/strong> A segmented IP range within a VCN where resources attach.<\/li>\n
                                                                                                                                                                                  • Security List \/ NSG:<\/strong> OCI network access control constructs controlling allowed ingress\/egress.<\/li>\n
                                                                                                                                                                                  • Ingress:<\/strong> Incoming traffic to your service.<\/li>\n
                                                                                                                                                                                  • Egress:<\/strong> Outgoing traffic from your service.<\/li>\n
                                                                                                                                                                                  • IAM policy:<\/strong> Rules controlling access to OCI resources.<\/li>\n
                                                                                                                                                                                  • Compartment:<\/strong> OCI\u2019s logical container for organizing and isolating resources and permissions.<\/li>\n
                                                                                                                                                                                  • Auth Token:<\/strong> Credential used for certain authentications (commonly Docker login to OCIR).<\/li>\n
                                                                                                                                                                                  • TLS termination:<\/strong> Decrypting HTTPS at an edge component (like a load balancer).<\/li>\n
                                                                                                                                                                                  • Observability:<\/strong> The combination of logs, metrics, and traces used to understand system behavior.<\/li>\n
                                                                                                                                                                                  • SLO\/SLI:<\/strong> Reliability targets (SLO) and measurements (SLI) used by SRE practices.<\/li>\n
                                                                                                                                                                                  • Immutable deployment:<\/strong> Deployment method where a new version is deployed as a new artifact, rather than modifying running systems in place.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                    \n\n\n\n
                                                                                                                                                                                    23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                                    Application Container<\/strong> in Oracle Cloud<\/strong> most commonly maps to the legacy Oracle Application Container Cloud Service (Classic)<\/strong>, which many teams now replace with OCI-native services. In modern OCI, the practical \u201cApplication Container\u201d outcome is typically achieved using OCI Container Instances<\/strong> (or OKE<\/strong> for Kubernetes), backed by OCIR<\/strong> for images and governed by IAM<\/strong>, VCN<\/strong>, and Logging\/Monitoring<\/strong>.<\/p>\n\n\n\n
                                                                                                                                                                                    Why it matters:\n– It standardizes application delivery around container images.\n– It reduces server-management overhead compared to DIY Docker on VMs.\n– It provides a clear path to production-ready patterns with private networking, controlled ingress, and centralized observability.<\/p>\n\n\n\n
                                                                                                                                                                                    Key cost\/security points:\n– Costs are driven by runtime CPU\/memory, load balancers, outbound bandwidth, and log volume\u2014use the OCI Cost Estimator<\/strong> rather than guessing.\n– Security depends on least-privilege IAM, private subnets, TLS, and correct secret handling with OCI Vault<\/strong>.<\/p>\n\n\n\n
                                                                                                                                                                                    When to use it:\n– Use an Application Container approach when you want managed container execution with strong governance and minimal ops burden.\n– Prefer OCI-native services for new builds; treat Classic-era Application Container as legacy unless your account explicitly supports it.<\/p>\n\n\n\n
                                                                                                                                                                                    Next learning step:<\/strong> Deepen OCI fundamentals (IAM + VCN) and then choose your runtime path\u2014Container Instances<\/strong> for simplicity or OKE<\/strong> for Kubernetes-based platforms\u2014using Oracle\u2019s official OCI docs: https:\/\/docs.oracle.com\/en-us\/iaas\/<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                                    Other Services<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,63],"tags":[],"class_list":["post-748","post","type-post","status-publish","format-standard","hentry","category-oracle-cloud","category-other-services"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/748","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=748"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/748\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=748"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=748"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=748"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}