Governance Policies Performance Compute
Governance policies for Compute Optimization
Domain: performance
| Name | Description |
|---|---|
| Right-sized container resources | Define CPU/memory based on workload type: API (0.5 CPU/1Gi), worker (0.25 CPU/0.5Gi), data processing (1.0 CPU/2Gi) |
| Async request-reply pattern | API returns 202 Accepted with status URL; background worker processes via Service Bus; status endpoint returns progress |

| Description | Instead |
|---|---|
| Do not run long-running operations in HTTP request handlers | Enqueue to Service Bus and process asynchronously; return 202 Accepted with a status URL |
| Do not deploy containers or pods without resource limits | Define explicit CPU and memory requests/limits based on workload profiling |
| Do not deploy directly to production App Service slot | Deploy to staging slot, warm up, then swap to production for zero-downtime deployment |
| Do not use default Azure Functions host.json settings | Configure timeout, concurrency, batching, and sampling based on workload requirements |
- Container Apps resource management
- AKS resource management
- App Service deployment slots
- Azure Functions host.json reference
- Async request-reply pattern

| Check | Severity | Description |
|---|---|---|
| WAF-PERF-COMP-001 | Required | Define explicit CPU and memory resource limits for Container Apps — prevent unbounded resource consumption and noisy neighbor issues |
| WAF-PERF-COMP-002 | Recommended | Configure App Service per-app scaling and deployment slots for density optimization and zero-downtime deployments |
| WAF-PERF-COMP-003 | Required | Define Kubernetes pod resource requests and limits for AKS workloads — prevent scheduling issues and resource contention |
| WAF-PERF-COMP-004 | Required | Configure Azure Functions timeout, concurrency, and batching settings in host.json |
| WAF-PERF-COMP-005 | Required | Offload long-running operations to asynchronous processing with queues and background workers |
Define explicit CPU and memory resource limits for Container Apps — prevent unbounded resource consumption and noisy neighbor issues
Severity: Required
Rationale: Containers without resource limits can consume all available CPU/memory, starving co-located containers and causing OOM kills
Agents: terraform-agent, bicep-agent, cloud-architect, app-developer, csharp-developer, python-developer
- Microsoft.App/containerApps
- Microsoft.ContainerService/managedClusters
- Microsoft.Web/sites
- Microsoft.Compute/virtualMachines
Configure App Service per-app scaling and deployment slots for density optimization and zero-downtime deployments
Severity: Recommended
Rationale: Per-app scaling prevents a single app from consuming all plan capacity; slots enable blue-green deployments without downtime
Agents: terraform-agent, bicep-agent, cloud-architect
- Microsoft.App/containerApps
- Microsoft.ContainerService/managedClusters
- Microsoft.Web/sites
- Microsoft.Compute/virtualMachines
Define Kubernetes pod resource requests and limits for AKS workloads — prevent scheduling issues and resource contention
Severity: Required
Rationale: Pods without requests cannot be scheduled efficiently; pods without limits can starve other workloads. Requests drive scheduling, limits prevent starvation
Agents: terraform-agent, bicep-agent, cloud-architect, app-developer, csharp-developer, python-developer
- Microsoft.App/containerApps
- Microsoft.ContainerService/managedClusters
- Microsoft.Web/sites
- Microsoft.Compute/virtualMachines
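
One way to enforce the pod requests/limits check (WAF-PERF-COMP-003) before deployment, as an added example that is not part of this project's code. The function names and the sample manifest are constructed for illustration; the manifest is embedded as JSON to avoid a YAML dependency, and the check reads the manifest only, so it does not account for defaults injected by a namespace LimitRange.

```python
import json

# Constructed sample: "api" is fully specified, "sidecar" has no limits,
# and the init container "migrate" has no resources block at all.
SAMPLE_MANIFEST = json.loads("""
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "orders-api"},
  "spec": {"template": {"spec": {
    "initContainers": [{"name": "migrate", "image": "example/migrate:1"}],
    "containers": [
      {"name": "api", "image": "example/api:1",
       "resources": {"requests": {"cpu": "500m", "memory": "1Gi"},
                     "limits": {"cpu": "500m", "memory": "1Gi"}}},
      {"name": "sidecar", "image": "example/sidecar:1",
       "resources": {"requests": {"cpu": "250m", "memory": "512Mi"}}}
    ]}}}
}
""")

# Every container must set all four of these fields.
REQUIRED = [(s, k) for s in ("requests", "limits") for k in ("cpu", "memory")]

def pod_spec(manifest):
    """Return the pod spec of a Pod or of a pod-templated workload."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def check_resources(manifest):
    """Return (container, missing_field) findings; an empty list passes."""
    findings = []
    spec = pod_spec(manifest)
    for group in ("initContainers", "containers"):
        for container in spec.get(group) or []:
            resources = container.get("resources") or {}
            for section, key in REQUIRED:
                if not (resources.get(section) or {}).get(key):
                    name = container.get("name", "<unnamed>")
                    findings.append((name, f"{section}.{key}"))
    return findings

if __name__ == "__main__":
    for name, field in check_resources(SAMPLE_MANIFEST):
        print(f"WAF-PERF-COMP-003 FAIL {name}: resources.{field} not set")
```

Init containers are checked as well because their resources also feed the scheduler's effective pod request.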
Configure Azure Functions timeout, concurrency, and batching settings in host.json
Severity: Required
Rationale: Default Function settings are not optimized for production; incorrect timeout causes failures, incorrect concurrency causes throttling or resource exhaustion
Agents: terraform-agent, bicep-agent, cloud-architect, app-developer, csharp-developer, python-developer
- Microsoft.App/containerApps
- Microsoft.ContainerService/managedClusters
- Microsoft.Web/sites
- Microsoft.Compute/virtualMachines
Offload long-running operations to asynchronous processing with queues and background workers
Severity: Required
Rationale: Synchronous processing of operations > 5 seconds blocks threads, degrades UX, and causes timeout failures. Async processing decouples producers from consumers
Agents: cloud-architect, app-developer, csharp-developer, python-developer, terraform-agent, bicep-agent
- Microsoft.App/containerApps
- Microsoft.ContainerService/managedClusters
- Microsoft.Web/sites
- Microsoft.Compute/virtualMachines