
Why push instead of pull (like Prometheus)

Pull problems for our use case

  • It requires an inbound port on the customer host — their firewall has to be opened
  • It does not work through NAT/cloud LB without tricks (the Prometheus pushgateway is a hack)
  • Edge devices with intermittent connectivity lose scrapes while offline

Push upsides

  • Outbound-only over mTLS to our side — the customer opens no ports
  • Edge can buffer locally and push once connectivity returns
  • Identity comes directly from the peer certificate of the mTLS connection
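
A sketch of how the ingest side can take identity from the peer certificate rather than from anything the agent says about itself. This is an added example, not code from our agents or ingest service; the `agent://<tenant>/<host>` URI SAN layout, the function names and the payload fields are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

AGENT_SCHEME = "agent"  # assumed SAN URI layout: agent://<tenant>/<host>

class IdentityError(Exception):
    """The peer certificate does not yield a usable agent identity."""

def make_ingest_context(ca_file, cert_file, key_file):
    """Server-side context: the handshake fails unless the client
    presents a certificate that chains to the agent CA."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def identity_from_peercert(peercert):
    """Return (tenant, host) from the dict given by SSLSocket.getpeercert()."""
    if not peercert:  # None or {}: no certificate was presented and verified
        raise IdentityError("no verified client certificate")
    uris = [v for k, v in peercert.get("subjectAltName", ()) if k == "URI"]
    agent_uris = [u for u in uris if urlsplit(u).scheme == AGENT_SCHEME]
    if len(agent_uris) != 1:  # zero or several identities are both rejected
        raise IdentityError("expected exactly one agent:// URI SAN")
    parts = urlsplit(agent_uris[0])
    tenant, host = parts.netloc, parts.path.strip("/")
    if not tenant or not host or "/" in host:
        raise IdentityError("malformed agent identity")
    return tenant, host

def accept_push(peercert, payload):
    """Label a pushed batch with the certificate identity, and reject a
    batch whose self-declared tenant disagrees with the certificate."""
    tenant, host = identity_from_peercert(peercert)
    claimed = payload.get("tenant")
    if claimed is not None and claimed != tenant:
        raise IdentityError(f"payload claims {claimed!r}, cert says {tenant!r}")
    return {"tenant": tenant, "host": host, "samples": payload["samples"]}

# Constructed sample in the getpeercert() dict format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "edge-17"),),),
    "subjectAltName": (("DNS", "edge-17.example"),
                       ("URI", "agent://acme/edge-17")),
}
```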

When pull is better

  • Service discovery in a stable cluster (K8s) — pull is fine there
  • You need scrape-target health checks separately from metrics (pull gives this for free)

We support both models: push agents as the primary one, OTLP pull (via a Prometheus-compatible endpoint) as an option for existing stacks.