Stacklok Enterprise brings MCP servers into your Kubernetes infrastructure as a first-class workload
Use observability, identity, and policy controls you’re familiar with to reduce the risks of unmanaged MCP servers in your organization…
Oversight
With unmanaged MCP servers, enterprises have no visibility into what’s running, no record of what happened, and no one to hold accountable.
Security
Unmanaged MCP servers run without isolation, verified identity, or any policy controls — exposing the enterprise to serious security risk.
Consistency
Every developer ends up with a different setup — no shared permissions, configurations, or policies to ensure MCP tools are used consistently across the org.
Fits how your team already works
MCP servers that deploy, scale, and run like any other workload
Developer productivity
MCP servers deploy as native Kubernetes workloads — scheduled, scaled, and managed via CRDs, Helm charts, and Operator-based workflows.
Isolated runtime
Each MCP server runs in its own container with minimal permissions by default. Network controls, secret management, and permission profiles keep blast radius contained.
Multi-namespace, multi-tenant
Platform teams define a curated catalog of MCP servers across namespaces. Developers self-serve. RBAC ships out of the box.
MCP gateway
One endpoint per team, environment, or security boundary. Circuit breakers prevent cascading failures; composite tools power multi-step workflows.
Stacklok Enterprise delivers results
Our platform delivers a complete out-of-the-box experience to solve your security challenges and get into production quickly.
Observability
OTel-native
Full traces, metrics, and logs following OpenTelemetry MCP conventions, zero custom instrumentation.
Simple integrations
Send telemetry to any OTLP-compatible backend: Splunk, Datadog, Grafana, New Relic, Prometheus, and more.
Complete visibility
Monitor server downloads, tool invocations, error rates, latency, and usage by team or developer, straight to your existing dashboards.
Identity
OIDC/OAuth SSO
Federated authentication through your existing identity provider — Okta, Entra ID, Google, or any OIDC-compliant IdP.
No local credentials
Eliminates stored API keys and personal access tokens, with automatic credential rotation.
Secure token exchange
Developers authenticate once via SSO and receive scoped, short-lived tokens without manual credential management.
Policy as Code
Declarative access
Define who can access which MCP servers and tools with RBAC, ABAC, and claim-based authorization.
Pluggable policy engine
Works with multiple policy backends and integrates with your existing policy infrastructure.
Auditable and version-controlled
Policies live alongside your configs and follow the same CI/CD workflows as the rest of your infrastructure.
Stacklok’s deep Kubernetes expertise
Expertise
Stacklok’s founder and CEO, Craig McLuckie, is a co-creator of Kubernetes
Platform
Our ToolHive open source MCP platform has external maintainers and an active community
Team
Built by platform engineers, for platform engineers, with enterprise security, attestation, and SLA-backed support.
Talk to Us
Every demo is led by a product leader or AI engineer. We will focus the demo according to your priorities. Once you submit the form, we’ll be in touch within one business day to schedule a 30-minute demo.