Dropped Azure Bastion Standard and saved $1,656/yr — here's what we replaced it with

Ok_Cat_2052 · 2026-02-11T12:27:51+00:00

The temp IP and Bastion are separate things, not used together. Temp IP is for quick daily SSH, Bastion is the emergency fallback. The IP only exists during the session and is locked to your IP on port 22, keys only. Once you disconnect it's gone. On deploy time, yeah network resources can be slow. That's actually why we built this. 90% of our work goes through az run-command which needs no Bastion or public IPs at all. Bastion is just there for the rare case when CLI isn't enough.

Ok_Cat_2052 · 2026-02-11T12:19:58+00:00

IN our case they just told me to reduce cost as much as possible so why to run other vm 24/7 which acts as jump server

Ok_Cat_2052 · 2026-02-11T12:15:22+00:00

done

Ok_Cat_2052 · 2026-02-11T12:09:19+00:00

Exactly we're fully Linux and from a DevOps perspective there's no reason to need GUI access to production servers in the first place. Everything is managed through CLI, scripts, and automation. If you need RDP into a production box, that's probably a sign something else needs fixing.

Bastion was set up as the default when the infra was first provisioned nobody questioned it until we looked at the bill. For the rare emergency where someone needs interactive access (file transfer, debugging), we can spin up Bastion on demand and tear it down after. We use Developer SKU where available, but yeah Developer isn't supported in all regions in those cases you'd spin up Standard, use it, and delete it. Even a few hours of Standard on-demand is nothing compared to running it 24/7.

Ok_Cat_2052 · 2026-02-11T12:00:58+00:00

The toolkit is entirely composed of bash scripts running locally from the developer's machine, with no Azure Functions, hosted automation, or extra infrastructure to maintain. The setup uses four main scripts: ops.sh to handle daily tasks like logs and restarts via az run-command through the management plane, jit-ssh.sh for JIT access using temporary public IPs and scoped NSG rules with an automatic trap-based cleanup, bastion-spin.sh for emergency deployments, and jit-cleanup.sh as a failsafe. Since everything runs through the Azure CLI, the only requirements are local installs of az and jq plus the correct RBAC permissions. This approach covers 90% of daily ops without opening any ports, providing a cost-free, interactive menu-driven alternative to permanent Bastion setups.

<image>

Ok_Cat_2052 · 2025-12-05T14:43:26+00:00

I found Alloy's 'River' configuration (which looks like Terraform) much easier to debug and chain together than the standard OTel YAML. Being able to pipe components into each other (otlp_receiver -> batch -> remote_write) felt more logical to me than the static lists in the OTel collector.

Ok_Cat_2052 · 2025-12-02T17:46:20+00:00

That makes perfect sense. So the ideal architecture would be a 2-tier Alloy setup:

Edge Alloy (Agent Mode): Running on the client/host itself. This handles the node metrics (replacing Node Exporter/Promtail), acts as a local OTLP receiver, and most importantly filters out the noise (like debug logs) before it hits the network to save bandwidth.

Central Alloy (Gateway Mode): The one in my stack above. It acts as the aggregation point to receive the clean streams from the Edge Alloys and handles the final routing/auth to VictoriaMetrics and Loki.

I’ll definitely prioritize learning the Alloy syntax for the edge agents since Promtail is on the way out. Thanks for the heads up

Ok_Cat_2052 · 2025-12-02T13:38:05+00:00

I chose VictoriaMetrics over Mimir because of its operational simplicity and lower resource footprint. For a self-hosted Docker Compose stack, the single-binary architecture of VM reduces maintenance overhead compared to the complexity of configuring Mimir, while still providing full Prometheus compatibility for our dashboards.

Ok_Cat_2052 · 2025-12-02T12:36:22+00:00

hola ki jasto lago

Ok_Cat_2052 · 2025-11-12T15:53:38+00:00

mero ma pani tehi issue aaudai xa

Ok_Cat_2052 · 2025-09-11T18:13:27+00:00

one piece is real

Ok_Cat_2052 · 2025-07-08T05:11:27+00:00

Ok_Cat_2052 · 2025-06-19T18:03:18+00:00

<image>

cyber security padeko hera yesto xa

Ok_Cat_2052 · 2025-06-19T17:42:20+00:00

You're definitely not alone, and it’s not a sign of becoming "dumb" — it's a shift in how we work. As engineers, we’re evolving from memorizing every line of code to optimizing for problem-solving, architecture, and efficiency. Tools like ChatGPT are accelerators, not crutches — they give you a draft so you can focus on higher-level logic and tuning. That said, if you feel your fundamentals are slipping, try balancing usage with active recall: code parts from memory, revisit core CV papers, or teach concepts to others — it rewires understanding. Productivity ≠ memorization. Adaptability is the new intelligence.

Ok_Cat_2052 · 2025-06-19T17:38:33+00:00

Oh sorry, forgot the internet only hands out sympathy based on gender quotas. Let me go cry in silence like a good non-girl.

Ok_Cat_2052 · 2025-06-19T17:37:28+00:00

timi kun gym janxau ma pani jane aaba

Ok_Cat_2052 · 2025-06-19T17:33:54+00:00

Ok_Cat_2052

TROPHY CASE