Introduction¶

The OCTO Cloud-Native Platform is a reference implementation of enterprise applications running on Oracle Cloud Infrastructure (OCI). It demonstrates how to integrate OCI's observability, security, database, and AI services with cloud-native applications deployed on Oracle Kubernetes Engine (OKE).

Goals¶

Showcase OCI observability services — APM, Logging, Monitoring, Log Analytics, DB Management, Operations Insights — as modular add-ons that can be activated independently
Demonstrate cloud-native patterns — FastAPI + Go microservices, shared Oracle ATP database, IDCS SSO, distributed tracing, circuit breakers
Provide a framework architecture — add new features without breaking existing capabilities; each module is independent
Enable AI-driven operations — integration with OCI Coordinator's Remediation Agent v2 for automated detection → diagnosis → remediation
Serve as a reference implementation — tenancy-portable OKE manifests, security best practices, comprehensive test coverage, and a clear split between public storefront and internal operations control planes

Architecture Summary¶

Two application services share a single Oracle ATP database:

Service	Role	Tech	Routes
OCTO Drone Shop	Customer storefront, checkout, AI assistant, observability surfaces	Python/FastAPI + Go	98
Enterprise CRM Portal	CRM operations console, catalog admin, storefront control, simulation lab	Python/FastAPI	~80

Both services integrate with the full OCI observability stack through modular add-ons that activate via environment variables or console configuration — no code changes required.

Current Runtime Model¶

Shop frontend: https://shop.octodemo.cloud
CRM frontend: https://crm.octodemo.cloud
Shared database: Oracle ATP
Catalog source of truth: CRM
Browser-visible CRM links: public URL only
Backend CRM calls from shop: may use the internal cluster-local CRM service URL

This split matters operationally: the shop renders customer-facing catalog and checkout experiences, while the CRM is where operators edit customers, orders, invoices, storefronts, and product inventory.

OCI Services¶

The platform integrates with the following OCI services. Each service is an independent add-on — the application runs with or without any given service.

Core Compute & Networking¶

Service	Purpose	Docs
Container Engine for Kubernetes (OKE)	Managed Kubernetes for application hosting	OKE Documentation
Container Registry (OCIR)	Private Docker registry for container images	OCIR Documentation
Load Balancer	HTTP/HTTPS load balancing with TLS termination	Load Balancer Documentation
Virtual Cloud Network (VCN)	Network infrastructure with subnets and NSGs	VCN Documentation

Database¶

Service	Purpose	Docs
Autonomous Transaction Processing (ATP)	Oracle Autonomous Database for OLTP workloads	ATP Documentation
Database Management	Performance Hub, SQL Monitor, AWR reports	DB Management Documentation
Operations Insights	SQL Warehouse, capacity planning, fleet summary	Ops Insights Documentation
Select AI	Natural language queries on ATP	Select AI Documentation

Observability¶

Service	Purpose	Docs
Application Performance Monitoring (APM)	Distributed tracing, service topology, trace explorer	APM Documentation
APM Real User Monitoring (RUM)	Browser performance monitoring, session replay	APM RUM Documentation
Logging	Structured log ingestion with trace correlation	Logging Documentation
Logging Analytics (Log Analytics)	Full-text log search, saved queries, dashboards	Log Analytics Documentation
Monitoring	Custom metrics, alarms, MQL queries	Monitoring Documentation
Notifications	Alarm delivery via email, SMS, webhooks	Notifications Documentation
Health Checks	HTTP/HTTPS endpoint monitoring	Health Checks Documentation
Stack Monitoring	Application topology and component health	Stack Monitoring Documentation

Security¶

Service	Purpose	Docs
IAM Identity Domains	OIDC SSO with PKCE, JWKS verification	Identity Domains Documentation
Web Application Firewall (WAF)	SQLi/XSS/command injection protection, rate limiting	WAF Documentation
Cloud Guard	Security posture monitoring, problem detection	Cloud Guard Documentation
Security Zones	Compliance policy enforcement at compartment level	Security Zones Documentation
Vault	HSM-backed secret management and encryption keys	Vault Documentation
Vulnerability Scanning (VSS)	Host and container vulnerability scanning	VSS Documentation
Audit	API event audit trail	Audit Documentation
Bastion	Secure access to private resources	Bastion Documentation

AI & GenAI¶

Service	Purpose	Docs
Generative AI	LLM inference for the AI assistant	Generative AI Documentation
Generative AI Agents	Agent orchestration with RAG	Gen AI Agents Documentation

Integration & Automation¶

Service	Purpose	Docs
API Gateway	API management and routing	API Gateway Documentation
Resource Manager	Terraform-based infrastructure-as-code	Resource Manager Documentation
Events	Event-driven automation triggers	Events Documentation
Functions	Serverless compute (FaaS)	Functions Documentation

Platform Services Map¶

flowchart TD
    subgraph Apps ["Application Services"]
        Shop["OCTO Drone Shop"]
        CRM["Enterprise CRM Portal"]
    end

    subgraph Compute ["Compute & Networking"]
        OKE["OKE"]
        OCIR["OCIR"]
        LB["Load Balancer"]
    end

    subgraph Data ["Database"]
        ATP["ATP"]
        DBMgmt["DB Management"]
        OPSI["Ops Insights"]
    end

    subgraph Obs ["Observability"]
        APM["APM"]
        RUM["APM RUM"]
        Logging["Logging"]
        LogAn["Log Analytics"]
        Monitoring["Monitoring"]
        Stack["Stack Monitoring"]
    end

    subgraph Sec ["Security"]
        IDCS["Identity Domains"]
        WAF["WAF"]
        CG["Cloud Guard"]
        SZ["Security Zones"]
        Vault["Vault"]
        VSS["VSS"]
    end

    subgraph AI ["AI Services"]
        GenAI["Generative AI"]
    end

    LB --> WAF --> Shop
    LB --> CRM
    Shop --> OKE
    CRM --> OKE
    Shop --> ATP
    CRM --> ATP
    ATP --> DBMgmt
    ATP --> OPSI
    Shop -.-> APM
    CRM -.-> APM
    APM --> RUM
    Shop -.-> Logging
    CRM -.-> Logging
    Logging --> LogAn
    Shop -.-> Monitoring
    OKE -.-> Stack
    IDCS --> Shop
    IDCS --> CRM
    CG --> Shop
    CG --> CRM
    VSS --> OKE
    Shop --> GenAI
    Vault --> Shop

Platform Components¶

Component	Service	Cloud Services Used	Description
Drone Shop	Python/FastAPI	ATP, APM, RUM, Logging, Monitoring, WAF, Cloud Guard, Vault, IDCS, GenAI	E-commerce storefront with checkout flow, AI assistant, customer-facing catalog, and distributed trace integration into CRM
Workflow Gateway	Go	ATP, APM, Select AI	Scheduled ATP query sweeps, query lab, Select AI execution
Enterprise CRM	Python/FastAPI	ATP, APM, RUM, Logging, IDCS	Operational control plane with order sync, storefront management, catalog editing, simulation lab, and OIDC SSO

Deployment Options¶

Option	Time	Best For
Local Docker	5 min	Development and testing
OKE Deployment	30 min	Production with full OCI observability

Next Steps¶

Getting Started — Prerequisites and deployment guide
Architecture — System design, data model, framework approach
OCI Observability Add-Ons — 8-level progressive enablement guide
Cross-Service Integration — How Drone Shop and CRM share ATP

Reference Implementations¶

Repository	Component
octo-drone-shop	Drone Shop + Workflow Gateway + Documentation source
enterprise-crm-portal	Enterprise CRM Portal