Now available — v2.2.1

The Kubernetes-native
MCP control plane

Deploy MCP servers as pods in your own cluster. Any language, any image. Full lifecycle from a single Helm chart. OSS Free up to 20 servers — no signup, no credit card.

Schedule a Demo → View on GitHub →
Install in 5 minutes
$ helm repo add magertron https://magertron.com/charts
$ helm repo update
$ helm install magertron magertron/orchestrator
MCP Orchestrator Dashboard
Enterprise Security

Rogue MCP servers are already inside your network

Developers are spinning up ungoverned MCP servers on laptops, in personal cloud accounts, and inside your perimeter — with no audit trail and no controls. AI agents talking to these servers can execute actions at scale.

Read the security guide →
THREAT VECTOR 01
External AI agents
AI agents outside your perimeter reaching ungoverned internal MCP servers. Perimeter firewalls catch these — but only if the agent actually crosses the perimeter, and only if the MCP server is registered as a public service.
Server Management

Full lifecycle control for every MCP server

Deploy from any container image, monitor real-time CPU and memory metrics, and scale with a slider. Every action is audited.

  • Live metrics charts polling every 5 seconds
  • Real pod logs from Kubernetes API
  • One-click rollback from deployment history
  • Rolling restart with zero downtime
Server Detail Panel
Governance

Enforce policy before anything reaches production

Namespace-scoped governance policies evaluate every deployment at deploy time. Error-severity rules block non-compliant servers. Warnings flag for review.

  • Different policies for prod vs dev environments
  • Resource limits, transport rules, naming standards
  • Dry-run evaluator for pre-flight checks
  • Export/import policies across clusters
Governance Policies
Capabilities
The full MCP lifecycle —
in your Kubernetes cluster
Deploy, registry, gateway, governance, observability. One Helm chart. Apache 2.0. Most platforms cover one or two of these. Magertron covers all five.

Server Lifecycle

Deploy MCP servers as Kubernetes pods. Scale, restart, rollback, undeploy from a single console. Full history with one-click rollback.

MCP Server Registry

Central catalog of every MCP server in your organization. Discover, version, and reference servers across teams. Most MCP platforms don't have a registry at all — Magertron does, and it runs in your cluster.

Governance Engine

Define policies that enforce resource limits, transport requirements, naming standards, and security rules. Namespace-scoped — different rules for prod vs dev.

Multi-Tenant RBAC

Role-based access with namespace isolation. Platform admins, deploy managers, operators, and viewers — each scoped to their allowed namespaces.

Enterprise Identity

OIDC and SAML single sign-on with Okta, Azure AD, and Google Workspace. SCIM 2.0 for automated user provisioning. Just-in-time account creation on first login. Your IdP stays the source of truth.

Audit & Compliance

Every deployment, scale, restart, and config change logged with OCSF-aligned schema. Validated end-to-end with Splunk Cloud — fields auto-extract for SIEM queries. Built for regulated environments.

Envoy Gateway

Dynamic xDS-powered Envoy gateway with push-based route updates. Sub-second latency from deploy to routable. HTTPS termination built in.

Developer Experience
A CLI that gets out
of your way
Single binary, zero dependencies. Deploy, scale, and evaluate governance from your terminal. Ships for macOS and Linux.
$ mcpctl login https://mcp.acme.internal admin
Logged in as admin (system:platform-admin)

$ mcpctl deploy code-assistant mcp-prod ghcr.io/acme/code-assistant --tag v2.1 --team platform
Deploying code-assistant to mcp-prod...
Server deployed (state: Running)

$ mcpctl governance evaluate spec.json --namespace mcp-prod
ALLOWED
⚠ Mutating tools detected — review required before production use

$ mcpctl servers
NAME NAMESPACE STATE REPLICAS IMAGE
code-assistant mcp-prod Running 2/2 ghcr.io/acme/code-assistant:v2.1
search-tool mcp-prod Running 3/3 ghcr.io/acme/search:latest
doc-retriever mcp-staging Running 1/1 ghcr.io/acme/docs:v1.4
Pricing
Choose your plan
Start free with core server management. Scale to Pro for the full toolkit, or Enterprise for governance and compliance.
Open Source
Free
Free forever · Apache 2.0
Up to 20 MCP servers · No signup · No credit card
  • Deploy and manage MCP servers
  • Health monitoring & metrics
  • Envoy gateway with xDS
  • Helm chart deployment
  • Basic RBAC (admin + viewer)
  • Community support via GitHub
  • CLI tool (mcpctl)
  • Live metrics charts
  • Namespace isolation
  • SSO & SCIM provisioning
  • Governance policies
  • Webhooks & audit trail
Get started on GitHub →
Subscription
Pro
$499/mo · billed annually
  • Everything in Free, plus:
  • CLI tool (mcpctl)
  • Live metrics charts
  • Multiple namespaces
  • Deployment history & rollback
  • Email & Slack support
  • SSO (OIDC & SAML)
  • SCIM 2.0 user provisioning
  • Multi-tenant namespace isolation
  • Governance policy engine
  • Webhook notifications
  • Audit trail & compliance
  • Custom RBAC roles
Schedule a Demo →
Commercial
Enterprise
Contact us for pricing
  • Everything in Pro, plus:
  • SSO (OIDC & SAML) — Okta, Azure AD, Google
  • SCIM 2.0 automated user provisioning
  • Just-in-time user provisioning on first login
  • Multi-tenant namespace isolation
  • Governance policy engine
  • Custom RBAC roles & namespace scoping
  • Webhook notifications (Slack, email)
  • Full audit trail for compliance
  • Governance policy export/import
  • Priority support with SLA
  • Dedicated onboarding
  • Custom integrations
Contact sales →

Ready to manage MCP
at enterprise scale?

Start free on GitHub, or talk to us about Pro and Enterprise.

Schedule a Demo → View on GitHub →