OCI landing zone DEMO

  • Grateful for the Opportunity – Excited About the OCI Journey Ahead

    I would like to take a moment to sincerely thank the hiring team for the opportunity to interview for this Oracle Cloud Infrastructure (OCI) role.

    The chance to engage in a conversation around OCI architecture, infrastructure automation, and cloud best practices is something I genuinely value.

    Throughout my experience working with cloud infrastructure, automation, and DevOps practices, I have developed a strong appreciation for well-designed enterprise architectures.

    What excites me most about this opportunity is the focus on building robust OCI landing zones.

    I am looking forward to the interview discussion and, hopefully, the opportunity to contribute to the team’s success. Regardless of the outcome, I truly appreciate the time and consideration from the team.

    Thank you again for this opportunity—I am genuinely excited about what lies ahead.

  • Infrastructure behind the website

    Below is an ASCII architecture diagram of:

    • OCI CIS Landing Zone
    • DRG as hub
    • Multiple VCNs (3-tier landing zone)
    • My WordPress setup (LB → App VCN → VM → DB)

    Made via https://github.com/oci-landing-zones/terraform-oci-core-landingzone and OCI Resource Manager.

                                   
                                        INTERNET
                                            |
                                            |
                             +--------------------------------+
                             | DNS (DuckDNS)                  |
                             | constantininterview.duckdns.org|
                             +----------------+---------------+
                                              |
                                              | HTTPS (443) / HTTP (80)
                                              v
                             +--------------------------------+
                             | OCI PUBLIC LOAD BALANCER       |
                             |--------------------------------|
                             | - HTTPS                        |
                             | - HTTP → HTTPS redirect        |
                             | - Listeners: 80 / 443          |
                             +----------------+---------------+
                                              |
                                              |
                          =====================================================
                          |          OCI CIS LANDING ZONE                     |
                          |                                                   |
                          =====================================================
                                              |
                                     +--------+--------+
                                     |       DRG        |
                                     |   (Hub Router)   |
                                     +--------+--------+
                                              |
            -------------------------------------------------------------------------------
            |                     |                     |                      |
            |                     |                     |                      |
            v                     v                     v                      v
    
    +------------------+ +------------------+ +------------------+ +------------------+
    | APP VCN 1        | | APP VCN 2        | | APP VCN 3        | | BASTION VCN      |
    | 192.168.0.0/24   | | 192.168.1.0/24   | | 192.168.2.0/24   | | 10.0.0.0/24      |
    | WordPress stack  | | future workload  | | future workload  | | admin access     |
    +--------+---------+ +--------+---------+ +--------+---------+ +--------+---------+
             |                    |                    |                    |
             |                    |                    |                    |
             v                    v                    v                    v
    
    --------------------------- APP VCN 1 (WORDPRESS) ----------------------------
    
       +--------------------------------------------------------------+
       | PUBLIC SUBNET (WEB TIER)                                    |
       | - Load Balancer backend                                      |
       +----------------------------+---------------------------------+
                                    |
                                    v
       +--------------------------------------------------------------+
       | PRIVATE SUBNET (APP TIER)                                   |
       |                                                              |
       | WORDPRESS VM (Ubuntu)                                        |
       | - Apache                                                     |
       | - PHP                                                        |
       | - WordPress CMS                                              |
       | - Certbot (Let’s Encrypt)                                    |
       +----------------------------+---------------------------------+
                                    |
                                    v
       +--------------------------------------------------------------+
       | PRIVATE SUBNET (DB TIER)                                    |
       |                                                              |
       | MariaDB / MySQL                                              |
       | - WordPress database                                         |
       | - Not publicly accessible                                    |
       +--------------------------------------------------------------+
    
    
    --------------------------- BASTION VCN ----------------------------
    
       +--------------------------------------------------------------+
       | PUBLIC SUBNET                                                |
       |                                                              |
       | Bastion Host (Jump Server)                                   |
       | - SSH access point                                           |
       | - No direct public access to app/db                          |
       +----------------------------+---------------------------------+
                                    |
                                    | SSH via DRG routing
                                    v
                    APP VCN private subnets (WordPress / DB access)
    
    
    --------------------------- TRAFFIC FLOW ----------------------------
    
    User
      |
      | HTTPS
      v
    Load Balancer
      |
      | HTTP/HTTPS backend traffic
      v
    WordPress VM
      |
      | SQL (private network only)
      v
    Database
    
    
    Admin / Dev
      |
      | SSH (only via Bastion)
      v
    Bastion Host
      |
      | DRG routing
      v
    Private App / DB resources
    
    
    --------------------------- DRG HUB ----------------------------
    
            APP VCN 1 --------\
            APP VCN 2 --------->  DRG (Central Routing Hub)
            APP VCN 3 --------/
            BASTION VCN ------/
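
The TRAFFIC FLOW section above can be checked mechanically. The following is an added example, not part of the landing zone module or the original setup: it encodes the intended flows as a policy and flags ingress rules that are wider than the diagram allows. The /26 tier subnets, ports 22 and 3306, the rule format and the sample rules are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# CIDRs from the diagram; the /26 tier split inside APP VCN 1 is an assumption.
ANY = ip_network("0.0.0.0/0")
BASTION = ip_network("10.0.0.0/24")      # BASTION VCN
WEB = ip_network("192.168.0.0/26")       # public subnet (web tier), assumed
APP = ip_network("192.168.0.64/26")      # private subnet (app tier), assumed

# TRAFFIC FLOW section as policy: tier -> {TCP port: widest source allowed}.
# 22 and 3306 are the SSH and MySQL/MariaDB defaults (assumed, not on the page).
POLICY = {
    "web": {80: ANY, 443: ANY},
    "app": {80: WEB, 443: WEB, 22: BASTION},
    "db": {3306: APP, 22: BASTION},
}

def audit(rules):
    """Return (tier, source, ports, reason) for each ingress rule wider than POLICY."""
    findings = []
    for rule in rules:
        src = ip_network(rule["source"])
        lo, hi = rule["ports"]
        allowed = POLICY[rule["tier"]]
        in_range = [p for p in allowed if lo <= p <= hi]
        # The rule covers more ports than the flow needs for this tier.
        if hi - lo + 1 > len(in_range):
            findings.append((rule["tier"], rule["source"], (lo, hi),
                             "opens ports outside the traffic flow"))
        # The port is expected, but the source is broader than intended.
        for port in in_range:
            if not src.subnet_of(allowed[port]):
                findings.append((rule["tier"], rule["source"], (port, port),
                                 f"source wider than {allowed[port]}"))
    return findings

# Constructed sample ingress rules (simplified, not the OCI API schema).
SAMPLE_RULES = [
    {"tier": "web", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"tier": "web", "source": "0.0.0.0/0", "ports": (80, 80)},
    {"tier": "app", "source": "192.168.0.0/26", "ports": (80, 80)},
    {"tier": "app", "source": "10.0.0.0/24", "ports": (22, 22)},
    {"tier": "app", "source": "0.0.0.0/0", "ports": (22, 22)},          # bypasses bastion
    {"tier": "db", "source": "192.168.0.64/26", "ports": (3306, 3306)},
    {"tier": "db", "source": "192.168.0.0/24", "ports": (3306, 3306)},  # web tier reaches DB
    {"tier": "app", "source": "192.168.0.0/26", "ports": (80, 8080)},   # range too wide
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

In a real tenancy the rule list would come from an export of the security lists or NSG rules, mapped into this simplified shape.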