Your existing Kubernetes cluster is the ideal MCP server runtime
Stacklok brings MCP servers into your Kubernetes infrastructure as a first-class workload with familiar observability, identity, and policy controls
Your current platform can’t see MCP server sprawl
Developers are connecting AI agents to GitHub, Jira, databases, and internal APIs through MCP servers, leaving gaps in three areas:
Oversight
- No observability
- No audit trail
- No accountability
Security
- No container isolation
- No identity
- No governance
Consistency
- No permissions
- No preconfigurations
- No policies
How bad is the sprawl? Stacklok offers a simple MCP scanner that, in minutes, shows you where MCP servers are running across your organization.
Run MCP servers the way you run everything else
Developer productivity
Deploy and manage MCP servers using familiar CRDs, Helm charts, and Operator-based workflows. MCP servers become Kubernetes workloads that are scheduled, scaled, and managed like any other pod.
Isolated runtime
Every MCP server runs in its own container with minimal permissions by default. Network access controls, secret management, and fine-grained permission profiles contain the blast radius if a server is compromised or misbehaves.
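As an added illustration of what a contained blast radius looks like in plain Kubernetes (this is generic Kubernetes configuration written for this page, not Stacklok's or ToolHive's own manifests or permission-profile format), the manifests below lock down one MCP server pod that only needs to reach a single upstream API: a NetworkPolicy that admits ingress only from an in-cluster gateway and allows egress only to cluster DNS and the upstream on 443, plus a Deployment whose pod runs non-root, read-only, with all capabilities dropped and no service-account token mounted. The `mcp` namespace, the `app=mcp-github` and `app=mcp-gateway` labels, the image name, and the upstream CIDR are assumptions for the example.

```yaml
# Added example: generic Kubernetes isolation for one MCP server pod.
# Namespace, labels, image and the upstream CIDR are placeholders chosen
# for this example, not values from Stacklok or ToolHive.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mcp-github-isolation
  namespace: mcp
spec:
  podSelector:
    matchLabels:
      app: mcp-github
  policyTypes: ["Ingress", "Egress"]
  ingress:
    # Only the in-cluster gateway may call the server; everything else is denied.
    - from:
        - podSelector:
            matchLabels:
              app: mcp-gateway
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # Cluster DNS only (kube-dns in kube-system).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # The single upstream this server needs, HTTPS only.
    # 203.0.113.0/24 is a documentation range standing in for the real one.
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mcp-github
  namespace: mcp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mcp-github
  template:
    metadata:
      labels:
        app: mcp-github
    spec:
      # The server never needs to talk to the Kubernetes API; do not hand it a token.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: server
          image: registry.example.com/mcp/github:1.2.3   # placeholder image
          ports:
            - containerPort: 8080
          env:
            # Upstream credential comes from a Secret, never from the image or a ConfigMap.
            - name: GITHUB_TOKEN
              valueFrom:
                secretKeyRef:
                  name: mcp-github-credentials
                  key: token
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            limits:
              cpu: "500m"
              memory: "256Mi"
```

Two caveats a practitioner would check: NetworkPolicy is only enforced if the cluster's CNI implements it, so verify enforcement with a throwaway pod before relying on it; and core NetworkPolicy matches external destinations by IP block only, so pinning a SaaS upstream by CIDR is brittle and is usually replaced in production by an egress gateway or a CNI-specific FQDN policy.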
Multi-namespace, multi-tenant
Stacklok’s Registry Server watches MCP servers across namespaces. RBAC support ships out of the box. Platform teams define what’s available and developers self-serve from a curated catalog.
MCP gateway
Aggregate multiple backend MCP servers behind a single endpoint per team, environment, or security boundary. Circuit breakers prevent cascading failures. Composite tools enable multi-step workflows across systems.
This Fortune 500 Financial Services firm used Stacklok’s Kubernetes Operator to orchestrate their full MCP footprint
Critical capabilities
Observability
Full visibility of your MCP estate with the tools you already use
OTel-native
Simple integrations
Export telemetry to any OTLP-compatible backend: Splunk, Datadog, Dynatrace, Grafana, Honeycomb, New Relic, Prometheus, or your own collector.
Complete visibility
See server downloads, tool invocations, error rates, latency, usage by team, usage by developer, and more in your existing dashboards and alerting pipelines.
Identity
Identity for every MCP server
OIDC/OAuth SSO
Federated authentication through your existing identity provider, including Okta, Entra ID, Google, or any OIDC-compliant IdP.
No local credentials
The embedded authorization server replaces stored API keys and personal access tokens with automatically rotated credentials, so no long-lived secret sits on a developer machine or in a server config.
Secure token exchange
Developers authenticate once via SSO and receive scoped, short-lived tokens without manual credential management.
Policy as Code
Govern AI agents the same way you govern infrastructure
Declarative access control
Define who can use which MCP servers and tools using human-readable policies, with support for RBAC, ABAC, and claim-based authorization.
Pluggable policy engine
Our authorization framework supports multiple policy backends, and integrates with your existing policy engine.
Auditable and version-controlled
Policies are written as code and stored alongside configurations. Apply the same CI/CD workflows you use for infrastructure policy.
Deep Kubernetes expertise
Expertise
Stacklok’s founder and CEO, Craig McLuckie, is a co-creator of Kubernetes
Platform
Our ToolHive open source MCP platform has external maintainers and an active community
Team
Our team of platform builders knows what matters to platform engineering teams, so we’ve put energy into CVE scanning, SBOMs, supply chain attestation, SLA-backed support, and more
Take the next steps
Continue with your due diligence and know that we’re always available for an open conversation
for Enterprise
Start by curating a registry of trusted MCP servers for your enterprise
for Individuals
Dive into the ToolHive repo and docs, and then engage directly with our team.