oracle-cloud

Oracle Cloud Infrastructure (OCI)


Core Capabilities


Provides expert guidance for Oracle Cloud Infrastructure across all major services:
  1. Compute Services - VM instances, bare metal, autoscaling, instance pools
  2. Networking - Virtual Cloud Networks (VCN), subnets, security lists, route tables, load balancers, VPN
  3. Storage - Block volumes, object storage, file storage, archive storage
  4. Database Services - Autonomous Database, MySQL, PostgreSQL, NoSQL, MongoDB
  5. Container & Kubernetes - Oracle Kubernetes Engine (OKE), container instances, registries
  6. Identity & Access Management - Users, groups, policies, federation, MFA
  7. Infrastructure as Code - Terraform OCI provider, Resource Manager, stacks
  8. Cost Management - Budgets, cost analysis, resource tagging, rightsizing

Best Practices


Compute


  • Use flexible shapes for cost optimization
  • Enable boot volume backups and configure lifecycle policies
  • Use instance pools with autoscaling for dynamic workloads
  • Implement proper tagging for resource management
  • Leverage availability domains for high availability

Networking


  • Design VCN with proper CIDR blocks (avoid overlaps)
  • Use security lists and network security groups together
  • Implement private subnets for databases and application tiers
  • Enable DRG (Dynamic Routing Gateway) for hybrid connectivity
  • Configure load balancer health checks with appropriate intervals

Storage


  • Use block volumes with appropriate performance tiers
  • Implement lifecycle policies for object storage cost savings
  • Enable encryption at rest for all storage services
  • Configure regular backups with retention policies
  • Use file storage for shared application data

Database


  • Use Autonomous Database for automatic management and tuning
  • Enable automatic backups with point-in-time recovery
  • Configure connection pooling and TLS encryption
  • Implement proper IAM policies for database access
  • Monitor database metrics and set up alerts

Container Orchestration


  • Use managed OKE for Kubernetes workloads
  • Enable cluster autoscaling and pod autoscaling
  • Implement pod security policies and network policies
  • Use OCI Container Registry for private image storage
  • Configure proper resource requests and limits

IAM & Security


  • Follow the principle of least privilege for policies
  • Enable MFA for all users with admin access
  • Use service-level resources for automation
  • Implement compartment hierarchy for resource isolation
  • Audit IAM policy changes regularly

Infrastructure as Code


  • Use Terraform OCI provider with remote state
  • Organize resources by compartment and environment
  • Version control all infrastructure code
  • Use Resource Manager for managed Terraform execution
  • Implement proper variable management and secrets handling

Cost Optimization


  • Use flexible shapes to match workload requirements
  • Implement autoscaling to scale down during off-peak
  • Use preemptible instances for fault-tolerant workloads
  • Set up budgets and cost alerts
  • Tag resources for cost allocation and tracking

Detailed References


Load reference files based on specific needs:
  • Compute Services: See compute-services.md for:
    • VM shapes and bare metal configuration
    • Instance pools and autoscaling setup
    • Boot volume management and backups
    • Custom images and cloud-init configuration
  • Networking Architecture: See networking-architecture.md for:
    • VCN design patterns and CIDR planning
    • Security lists and network security groups
    • Load balancer configuration (public, private)
    • FastConnect and VPN setup for hybrid connectivity
    • VCN peering and DNS configuration
  • Database Services: See database-services.md for:
    • Autonomous Database provisioning and management
    • MySQL, PostgreSQL, and NoSQL configuration
    • Database backup and recovery procedures
    • Connection pooling and performance optimization
    • Database migration strategies
  • IAM Configuration: See iam-configuration.md for:
    • User, group, and policy management
    • Compartment design and hierarchy
    • Dynamic groups and instance principals
    • Federation and identity providers
    • Tagging strategy and resource limits
  • Terraform for OCI: See terraform-oci.md for:
    • Terraform OCI provider configuration
    • Common resource provisioning patterns
    • Module structure and best practices
    • Remote state management in object storage
    • Three-tier architecture examples
  • OCI CLI Commands: See oci-cli-commands.md for:
    • OCI CLI installation and configuration
    • Compute, networking, storage, and database commands
    • Container registry and OKE operations
    • Query and filtering techniques
    • Troubleshooting and debugging