Oracle Cloud Infrastructure Documentation

Creating an Application

Create an application in the OCI Generative AI service.

Applications define a managed runtime for hosted deployments, including scaling, managed storage, networking, and authentication settings. This task documents the steps for creating an application by using the Oracle Cloud Console.

Tip

After you create an application, you can view its details and perform other tasks, such as updating it, moving it to a different compartment, managing its tags, or deleting it. Use the Actions menu (three dots) in the Console to access these tasks. You can also create one or more deployments for the application and activate a deployment to make it the running version. For more information, see Listing Applications.

To create an application, in the list page, select Create application. If you need help finding the list page, see Listing Applications.

  1. (Optional) In Environment variables, add environment variables required by the container.
  2. (Optional) In Networking, select the networking type for outbound traffic (egress) and select an endpoint type (public or private) for access to the active deployment for this application.
  3. In Authentication, select an identity domain configuration and provide the required OAuth settings (scope and audience).
  4. Review the settings and select Create application.

Basic Information

  1. Enter a name for the application.
    Start the name with a letter or underscore, followed by letters, numbers, hyphens, or underscores. The length can be 1 to 255 characters.
  2. (Optional) Enter a description for the application.
  3. Select a compartment to create the application in. The default compartment is the same as the list page, but you can select any compartment that you have permission to work in.

Tags

  1. (Optional) Select Add tag and assign tags to this vector store. See Resource Tags.
  2. Select Create.

Scaling

  1. For Autoscaling, you define how the hosted deployment scales to handle load.
    • Minimum replicas

      Keeps at least this many replicas running at all times. Must be less than or equal to maximum replicas. Default is 1.

    • Maximum replicas

      Caps the number of replicas. New replicas are added as load increases, up to this limit. Default is 3 (maximum 30). Set equal to minimum replica to disable autoscaling.

  2. Select a Concurrency metric.
    This setting adds replicas when concurrent requests exceed this value, up to the maximum replicas you set. Range: 1–500.
    • CPU utilization (%)

      Adds replicas when CPU utilization exceeds this percentage, up to the maximum replicas you set. Range: 50–95%.

    • Memory utilization (%)

      Adds replicas when memory utilization exceeds this percentage, up to the maximum replicas you set. Range: 50–95%.

    • Concurrent requests

      Adds replicas when concurrent requests exceed this value, up to the maximum replicas you set. Range: 1–500.

    • Requests per Second (RPS)

      Keeps at least this many replicas running at all times. Must be less than or equal to maximum replicas. Default is 1.

Storage (Optional)

If the agent needs to use the service managed storage, you can select PostgreSQL, OCI Cache and Oracle Autonomous Database.

Enable managed storage for hosted deployments associated with this application. Managed storage is created and managed by the service and is accessible only from the hosted deployment associated with this application. Connection details are provided to the container through environment variables.

  1. If the agent needs to use the service's Managed storage, enable one of the following options.
    • OCI PostgreSQL

      Enable OCI PostgreSQL to provide a managed database for deployments in this application.

      In the storage selection dropdown, you will see a list of available managed PostgreSQL DB systems. After selecting a storage system, the console will display a list of applications currently using that storage below the dropdown, allowing you to understand which applications are sharing the selected DB system.

      For this option:
      • Enter the environment variable name that receives the OCI PostgreSQL connection URI. The service adds the connection string to the specified environment variable. You must use the same name as the environment variable name in your code.
      • Storage: Select whether to create one or use existing one. If you select an existing storage, the application shares this OCI PostgreSQL with other applications in the tenancy. However, each application is assigned a dedicated database, and this application has only permissions to access its dedicated database.
    • OCI Cache
      Enable OCI Cache to provide a managed cache for deployments in this application. For this option:
      • Enter the environment variable name that receives the OCI Cache connection URI
      • Storage: Select whether to create one or use existing one.
    • Oracle Autonomous Database
      Enable Oracle Autonomous Database to provide a managed database for deployments in this application. For this option:
      • Enter the environment variable name that receives the Autonomous Database connection URI
      In addition to connection string, the service mounts the database user credential to container local file at 
      /mnt/secrets/adb/username
/mnt/secrets/adb/password
  2. (Optional) For Environment Variables, enter one or more environment variables for the deployment.

    If your code needs to consume custom environment variables, you can define those variables in this section and these environment variables are added to the container profile.

    • Plain text

      For each variable, define a key (the environment variable name), and its value.

    • OCI Vault

      For each variable, define a key (the environment variable name), and the secret in the vault by selecting the following information:

      • Vault compartment
      • Vault
      • Vault secret
      The service adds the vault information into a container as a JSON file. Example JSON code:
      {
    "vaultId":<vault-ocid>,
    "key":<the secret in the vault>
}

Networking (Optional)

Select how deployments in this application route outbound traffic (egress) and how clients access the deployment endpoint.

  1. For Networking, select one of the following options.
    • Default (service-managed)

      Allows outbound access to OCI services and the public internet through a service-managed network.

    • Custom (customer-managed)
      Routes outbound traffic through a VCN and subnet in your tenancy using a private endpoint connection (PE/RCE). Recommended for private, enterprise-integrated deployments. For this option select the following:
      • VCN compartment
      • VCN
      • Subnet compartment
      • Subnet
      Note

      If you select custom, all egress traffic is routed to the VCN's subnet. If the agent also needs internet access, you might want to use a public subnet and configure the routing table. See Internet Gateway.
  2. Select whether the active deployment for this application is accessed through a public or private endpoint.
    • Public

      Accessible from outside the VCN.

    • Private

      Accessible only from within the VCN.

      Important

      You must use a Generative AI private endpoint. If you don't have one, create a Generative AI private endpoint.

      Select the following information:

      • Private endpoint compartment
      • Private endpoint

    After application is created, you can access the application through this private endpoint either using its FQDN or IP address. Example FQDN:

    https://<pe-name>.pe.inference.generativeai.<region>
.oci.oraclecloud.com/20251112/hostedApplications/{your_application_ocid}

Authentication

Perform tasks in Setting up Authentication for Agentic Support, before you start this task.

  1. Select OCI Identity Domain for authentication.
    This domain is the same identity domain as the integrated application that you created in Step 2. Create an Application in the Identity Domain belongs to.
  2. Select or paste the identity domain information.
    • Select an existing identity domain

      Allows outbound access to OCI services and the public internet through a service-managed network.

      • Identity domain compartment
      • Identity domain
    • Paste an identity domain URL

      Example: https://idcs-xxx.identity.oraclecloud.com:443

  3. For the identity domain enter values for the following parameters:
    • Scope

      Specifies what actions the access token allows (permissions). Examples: user.read , email.

    • Audience

      Specifies which service or API the access token is intended for. The token is accepted only when the audience claim matches the target resource server.

      To find the value, go to identity domain Console and find out the integrated application you created in Step 2. Create an Application in the Identity Domain. Select OAuth configuration, copy Primary audience, and paste here.

      Examples:
      https://api.example.com
      https://my-service.internal
      urn:my-resource-server
      ocid1.resourceServer.oc1..xxxx

Review and Create

Review the selections and if you're happy with them, select Create.

Note

The time for an application to get created depends on the resources for the application.

  • If managed storage is enabled, the service provisions a dedicated storage instance, which might take several minutes.

  • If custom networking is selected, the service provisions the required network bridging resources, which might also take several minutes.