diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Build the manager binary
+FROM golang:1.17 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/okta-oauth .
+COPY templates/ templates/
+USER 65532:65532
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT ["/okta-oauth"]
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Build the manager binary
+FROM golang:1.17 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/okta-oauth .
+COPY templates/ templates/
+USER 65532:65532
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT ["/okta-oauth"]
\ No newline at end of file
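Review bot: Both `FROM` lines reference mutable tags (`golang:1.17` for the builder, `gcr.io/distroless/static:nonroot` for the runtime stage), so the contents of the image can change between two builds without any change in this repository. Pinning each by digest, for example `FROM golang:1.17@sha256:<builder-digest> as builder` with the real digest in place of the placeholder, makes the build reproducible and turns a base-image update into a reviewable diff. Go 1.17 is also past upstream support today, so the builder tag is worth raising to a supported release once go.mod allows it. The Dockerfile hunk is repeated further down this page and the same points apply to each copy.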
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a93326f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,64 @@
+# Image URL to use all building/pushing image targets
+IMG ?= docker.jerxie.com/okta-oauth:latest
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+ go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+ go vet ./...
+
+##@ Build
+
+.PHONY: build
+build: fmt vet ## Build manager binary.
+ go build -o bin/main main.go
+
+.PHONY: test
+test: fmt vet
+ go test ./...
+
+.PHONY: run
+run: fmt vet
+ go run ./main.go
+
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+ mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v3.8.7
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+ rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+
+.PHONY: deploy
+deploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+.PHONY: all
+all: build docker-build docker-push undeploy deploy
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
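Review bot: The `$(KUSTOMIZE)` recipe pipes a script fetched from the `master` branch straight into `bash`, so whatever that URL serves at build time runs on the developer or CI machine with no pinning and no integrity check, and `curl -s` without `-f` would hand an HTTP error body to the shell as well. Point `KUSTOMIZE_INSTALL_SCRIPT` at a tag or commit of the kustomize repository, download it to a file with `curl -fsSL`, and compare it against a checksum kept in this repo before running it. Separately, `rm $(KUSTOMIZE) &&` exits non-zero when the binary is not there yet, which is the state on a fresh checkout, so the install never starts; `rm -f $(KUSTOMIZE)` avoids that. The Makefile hunk is repeated later on this page and the same applies there.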
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7adbdad --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ selector:
+ matchLabels:
+ app: okta-oauth
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: okta-oauth
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: okta-oauth
+ image: docker.jerxie.com/okta-oauth:latest
+ imagePullPolicy: Always
+ env:
+ - name: CLIENT_ID
+ value: "0oa5cp8nmuWCBA8To5d7"
+ - name: CLIENT_SECRET
+ value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8"
+ - name: ORG_URL
+ value: "dev-86003037.okta.com"
+ - name: KUBE_APISERVER
+ value: "https://apiserver.example.com"
+ - name: KUBE_CA
+ value: "abcd..."
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "60Mi"
+ requests:
+ cpu: "50m"
+ memory: "30Mi"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: webport
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Build the manager binary
+FROM golang:1.17 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/okta-oauth .
+COPY templates/ templates/
+USER 65532:65532
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT ["/okta-oauth"]
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a93326f
--- /dev/null
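Review bot: The `CLIENT_SECRET` env entry carries the Okta client secret as a literal `value:` in a manifest committed to the repository, so anyone who can read the repo or the Deployment object can read it. Reference a Kubernetes Secret through `valueFrom.secretKeyRef` instead, create that Secret outside version control, and treat the value committed here as exposed and rotate it in Okta. The container also sets no `securityContext`; with a distroless non-root image, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` are probably safe to add, to be confirmed against what the binary writes at runtime. This hunk recurs further down the page with the same content.

```yaml
        # … unchanged: CLIENT_ID entry …
        - name: CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: okta-oauth-credentials  # placeholder Secret name
              key: client-secret            # placeholder key
        # … unchanged: ORG_URL, KUBE_APISERVER, KUBE_CA entries …
```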
+++ b/Makefile @@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ selector:
+ matchLabels:
+ app: okta-oauth
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: okta-oauth
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: okta-oauth
+ image: docker.jerxie.com/okta-oauth:latest
+ imagePullPolicy: Always
+ env:
+ - name: CLIENT_ID
+ value: "0oa5cp8nmuWCBA8To5d7"
+ - name: CLIENT_SECRET
+ value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8"
+ - name: ORG_URL
+ value: "dev-86003037.okta.com"
+ - name: KUBE_APISERVER
+ value: "https://apiserver.example.com"
+ - name: KUBE_CA
+ value: "abcd..."
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "60Mi"
+ requests:
+ cpu: "50m"
+ memory: "30Mi"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: webport
diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml
new file mode 100644
index 0000000..08a7e82
--- /dev/null
+++ b/config/default/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/mergeale-ingress-type: "minion"
+ nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: okta-oauth
+ port:
+ number: 8080
+ path: /demo/okta-oauth(/|$)(.*)
+ pathType: Exact
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
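Review bot: In ingress.yaml the path `/demo/okta-oauth(/|$)(.*)` is a regular expression, but the rule declares `pathType: Exact`; ingress-nginx documents regex paths with `pathType: ImplementationSpecific`, and controller versions that validate path types strictly can reject regex characters under `Exact` or `Prefix`. The annotation `nginx.org/mergeale-ingress-type` looks like a typo for `nginx.org/mergeable-ingress-type`, and it belongs to a different NGINX controller than the one the `nginx.ingress.kubernetes.io/rewrite-target` annotation targets, so one of the two is probably inert. There is also no `tls:` block for `kubernetes.jerxie.com`; unless TLS is terminated somewhere not shown here, the OAuth redirect and any session cookie for this app would travel over plain HTTP.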
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7adbdad --- /dev/null +++ b/Dockerfile @@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml new file mode 100644 index 0000000..a34861f --- /dev/null +++ b/config/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: demo \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7adbdad --- /dev/null +++ b/Dockerfile @@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@
+kind: Kustomization
+resources:
+- namespace.yaml
+- secret.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+namespace: demo
+
+images:
+- name: okta-oauth
+ newName: docker.jerxie.com/okta-oauth
+ newTag: latest
+apiVersion: kustomize.config.k8s.io/v1beta1
diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml
new file mode 100644
index 0000000..a34861f
--- /dev/null
+++ b/config/default/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: demo
\ No newline at end of file
diff --git a/config/default/secret.yaml b/config/default/secret.yaml
new file mode 100644
index 0000000..85a1a05
--- /dev/null
+++ b/config/default/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
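Review bot: The `.dockerconfigjson` value in secret.yaml is only base64-encoded, so this commit publishes the registry login for docker.jerxie.com to everyone who can read the repository, and kustomization.yaml lists the file under `resources` so it is applied as committed. Take the file out of version control, rotate the registry credential to a strong, unique one, and create `regcred` out of band at deploy time (for example with `kubectl create secret docker-registry regcred ...`) or through whatever encrypted-secret mechanism the cluster already uses. Deleting the file in a later commit does not remove the value from history, so rotation is needed either way.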
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@
+# Image URL to use all building/pushing image targets
+IMG ?= docker.jerxie.com/okta-oauth:latest
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+ go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+ go vet ./...
+
+##@ Build
+
+.PHONY: build
+build: fmt vet ## Build manager binary.
+ go build -o bin/main main.go
+
+.PHONY: test
+test: fmt vet
+ go test ./...
+
+.PHONY: run
+run: fmt vet
+ go run ./main.go
+
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+ mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v3.8.7
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+ rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+
+.PHONY: deploy
+deploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+.PHONY: all
+all: build docker-build docker-push undeploy deploy
diff --git a/bin/main b/bin/main
new file mode 100755
index 0000000..ece38f6
--- /dev/null
+++ b/bin/main
Binary files differ
diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml
new file mode 100644
index 0000000..8edb250
--- /dev/null
+++ b/config/default/deployment.yaml
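Review bot: The `$(KUSTOMIZE)` recipe pipes a script fetched from the `master` branch straight into `bash` (`curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- ...`), so whatever that URL serves at build time runs on the developer or CI machine with no pinning or integrity check. The leading `rm $(KUSTOMIZE) &&` also fails when the binary does not exist yet, which is exactly the first-install case, so the download never runs on a clean checkout. A version-pinned install through the Go module system avoids both, e.g. `GOBIN=$(LOCALBIN) go install sigs.k8s.io/kustomize/kustomize/v3@$(KUSTOMIZE_VERSION)`. If the pipe is kept, `curl -s` without `-f` will additionally feed an HTTP error page to bash. The commit also adds the compiled `bin/main` that the `build` target produces; a checked-in binary cannot be reviewed and is better excluded via `.gitignore`.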
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ selector:
+ matchLabels:
+ app: okta-oauth
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: okta-oauth
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: okta-oauth
+ image: docker.jerxie.com/okta-oauth:latest
+ imagePullPolicy: Always
+ env:
+ - name: CLIENT_ID
+ value: "0oa5cp8nmuWCBA8To5d7"
+ - name: CLIENT_SECRET
+ value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8"
+ - name: ORG_URL
+ value: "dev-86003037.okta.com"
+ - name: KUBE_APISERVER
+ value: "https://apiserver.example.com"
+ - name: KUBE_CA
+ value: "abcd..."
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "60Mi"
+ requests:
+ cpu: "50m"
+ memory: "30Mi"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: webport
diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml
new file mode 100644
index 0000000..08a7e82
--- /dev/null
+++ b/config/default/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/mergeale-ingress-type: "minion"
+ nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: okta-oauth
+ port:
+ number: 8080
+ path: /demo/okta-oauth(/|$)(.*)
+ pathType: Exact
\ No newline at end of file
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 0000000..68a59c0
--- /dev/null
+++ b/config/default/kustomization.yaml
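Review bot: In config/default/deployment.yaml, `CLIENT_SECRET` is set as a literal `value:` in the container's `env`, so the Okta client secret is stored in the repository and is visible to anyone who can read the Deployment object. It should be rotated and referenced from a Secret created outside version control, `valueFrom: {secretKeyRef: {name: <SECRET_NAME>, key: <KEY>}}`. The container also has no `securityContext`; `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}` suits a static distroless binary, assuming it writes nothing to disk. `image: docker.jerxie.com/okta-oauth:latest` with `imagePullPolicy: Always` means a pod restart can pull different code than was reviewed; a version tag or digest avoids that.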
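Review bot: The Ingress in config/default/ingress.yaml has no `tls:` block, so unless TLS is terminated in front of the controller the OAuth login and callback under `/demo/okta-oauth` on `kubernetes.jerxie.com` travel over plain HTTP; add `tls: [{hosts: [kubernetes.jerxie.com], secretName: <TLS_SECRET>}]`. The `path` is a regular expression but `pathType: Exact`; ingress-nginx expects `pathType: ImplementationSpecific` together with `nginx.ingress.kubernetes.io/use-regex: "true"` for capture-group rewrites. `nginx.org/mergeale-ingress-type` looks like a typo for `nginx.org/mergeable-ingress-type`, and it belongs to a different controller than the `nginx.ingress.kubernetes.io/rewrite-target` annotation next to it, so one of the two is probably ignored.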
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml new file mode 100644 index 0000000..a34861f --- /dev/null +++ b/config/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: demo \ No newline at end of file diff --git a/config/default/secret.yaml b/config/default/secret.yaml new file mode 100644 index 0000000..85a1a05 --- /dev/null +++ b/config/default/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19 \ No newline at end of file diff --git a/config/default/service.yaml b/config/default/service.yaml new file mode 100644 index 0000000..2655fca --- /dev/null +++ b/config/default/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: okta-oauth + type: ClusterIP \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7adbdad --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml new file mode 100644 index 0000000..a34861f --- /dev/null +++ b/config/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: demo \ No newline at end of file diff --git a/config/default/secret.yaml b/config/default/secret.yaml new file mode 100644 index 0000000..85a1a05 --- /dev/null +++ b/config/default/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19 \ No newline at end of file diff --git a/config/default/service.yaml b/config/default/service.yaml new file mode 100644 index 0000000..2655fca --- /dev/null +++ b/config/default/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: okta-oauth + type: ClusterIP \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..5933ee4 --- /dev/null +++ b/go.mod 
@@ -0,0 +1,25 @@
+module okta-oauth
+
+go 1.18
+
+require (
+ github.com/gin-contrib/sse v0.1.0 // indirect
+ github.com/gin-gonic/gin v1.8.1 // indirect
+ github.com/go-playground/locales v0.14.0 // indirect
+ github.com/go-playground/universal-translator v0.18.0 // indirect
+ github.com/go-playground/validator/v10 v10.10.0 // indirect
+ github.com/goccy/go-json v0.9.7 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/mattn/go-isatty v0.0.14 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+ github.com/ugorji/go/codec v1.2.7 // indirect
+ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 // indirect
+ golang.org/x/text v0.3.6 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+)
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
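Review bot: Every entry in the `require` block of go.mod is marked `// indirect`, including `github.com/gin-gonic/gin v1.8.1`; if main.go imports gin directly (it is not shown in this part of the page), `go mod tidy` would list it as a direct requirement, which keeps dependency review and update tooling accurate. The `golang.org/x/crypto`, `golang.org/x/net` and `golang.org/x/sys` pseudo-versions are dated 2021, and `golang.org/x/text` is pinned at `v0.3.6`. Running `govulncheck ./...` and raising these pins before the service handles OAuth traffic is worth doing.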
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml new file mode 100644 index 0000000..a34861f --- /dev/null +++ b/config/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: demo \ No newline at end of file diff --git a/config/default/secret.yaml b/config/default/secret.yaml new file mode 100644 index 0000000..85a1a05 --- /dev/null +++ b/config/default/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19 \ No newline at end of file diff --git a/config/default/service.yaml b/config/default/service.yaml new file mode 100644 index 0000000..2655fca --- /dev/null +++ b/config/default/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: okta-oauth + type: ClusterIP \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..5933ee4 --- /dev/null +++ b/go.mod 
@@ -0,0 +1,25 @@ +module okta-oauth + +go 1.18 + +require ( + github.com/gin-contrib/sse v0.1.0 // indirect + github.com/gin-gonic/gin v1.8.1 // indirect + github.com/go-playground/locales v0.14.0 // indirect + github.com/go-playground/universal-translator v0.18.0 // indirect + github.com/go-playground/validator/v10 v10.10.0 // indirect + github.com/goccy/go-json v0.9.7 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/leodido/go-urn v1.2.1 // indirect + github.com/mattn/go-isatty v0.0.14 // indirect + github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/pelletier/go-toml/v2 v2.0.1 // indirect + github.com/ugorji/go/codec v1.2.7 // indirect + golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect + golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect + golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 // indirect + golang.org/x/text v0.3.6 // indirect + google.golang.org/protobuf v1.28.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..c81df80 --- /dev/null +++ b/go.sum 
@@ -0,0 +1,75 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8= +github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= +github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= +github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= +github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0= +github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= +github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM= +github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kr/pretty v0.1.0/go.mod 
h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= +github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= +github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= +github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= +github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 h1:siQdpVirKtzPhKl3lZWozZraCFObP8S1v6PRp0bLrtU= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..7adbdad --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,28 @@ +# Build the manager binary +FROM golang:1.17 as builder + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY main.go main.go + +# Build +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/okta-oauth . +COPY templates/ templates/ +USER 65532:65532 + +EXPOSE 8080/tcp + +ENTRYPOINT ["/okta-oauth"] \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a93326f --- /dev/null +++ b/Makefile 
@@ -0,0 +1,64 @@ +# Image URL to use all building/pushing image targets +IMG ?= docker.jerxie.com/okta-oauth:latest + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +##@ Build + +.PHONY: build +build: fmt vet ## Build manager binary. + go build -o bin/main main.go + +.PHONY: test +test: fmt vet + go test ./... + +.PHONY: run +run: fmt vet + go run ./main.go + + +.PHONY: docker-build +docker-build: test ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUSTOMIZE ?= $(LOCALBIN)/kustomize + +## Tool Versions +KUSTOMIZE_VERSION ?= v3.8.7 + +KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN) + +.PHONY: deploy +deploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: kustomize + cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG) + $(KUSTOMIZE) build config/default | kubectl delete -f - + +.PHONY: all +all: build docker-build docker-push undeploy deploy diff --git a/bin/main b/bin/main new file mode 100755 index 0000000..ece38f6 --- /dev/null +++ b/bin/main Binary files differ diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml new file mode 100644 index 0000000..8edb250 --- /dev/null +++ b/config/default/deployment.yaml 
@@ -0,0 +1,50 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + selector: + matchLabels: + app: okta-oauth + replicas: 1 + template: + metadata: + labels: + app: okta-oauth + spec: + imagePullSecrets: + - name: regcred + containers: + - name: okta-oauth + image: docker.jerxie.com/okta-oauth:latest + imagePullPolicy: Always + env: + - name: CLIENT_ID + value: "0oa5cp8nmuWCBA8To5d7" + - name: CLIENT_SECRET + value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8" + - name: ORG_URL + value: "dev-86003037.okta.com" + - name: KUBE_APISERVER + value: "https://apiserver.example.com" + - name: KUBE_CA + value: "abcd..." + resources: + limits: + cpu: "100m" + memory: "60Mi" + requests: + cpu: "50m" + memory: "30Mi" + livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 5 + ports: + - containerPort: 8080 + protocol: TCP + name: webport diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml new file mode 100644 index 0000000..08a7e82 --- /dev/null +++ b/config/default/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" + name: okta-oauth + labels: + app: okta-oauth +spec: + rules: + - host: kubernetes.jerxie.com + http: + paths: + - backend: + service: + name: okta-oauth + port: + number: 8080 + path: /demo/okta-oauth(/|$)(.*) + pathType: Exact \ No newline at end of file diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..68a59c0 --- /dev/null +++ b/config/default/kustomization.yaml 
@@ -0,0 +1,14 @@ +kind: Kustomization +resources: +- namespace.yaml +- secret.yaml +- deployment.yaml +- service.yaml +- ingress.yaml +namespace: demo + +images: +- name: okta-oauth + newName: docker.jerxie.com/okta-oauth + newTag: latest +apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml new file mode 100644 index 0000000..a34861f --- /dev/null +++ b/config/default/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: demo \ No newline at end of file diff --git a/config/default/secret.yaml b/config/default/secret.yaml new file mode 100644 index 0000000..85a1a05 --- /dev/null +++ b/config/default/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: regcred +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19 \ No newline at end of file diff --git a/config/default/service.yaml b/config/default/service.yaml new file mode 100644 index 0000000..2655fca --- /dev/null +++ b/config/default/service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: okta-oauth + labels: + app: okta-oauth +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: okta-oauth + type: ClusterIP \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..5933ee4 --- /dev/null +++ b/go.mod 
@@ -0,0 +1,25 @@
+module okta-oauth
+
+go 1.18
+
+require (
+ github.com/gin-contrib/sse v0.1.0 // indirect
+ github.com/gin-gonic/gin v1.8.1 // indirect
+ github.com/go-playground/locales v0.14.0 // indirect
+ github.com/go-playground/universal-translator v0.18.0 // indirect
+ github.com/go-playground/validator/v10 v10.10.0 // indirect
+ github.com/goccy/go-json v0.9.7 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/mattn/go-isatty v0.0.14 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+ github.com/ugorji/go/codec v1.2.7 // indirect
+ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 // indirect
+ golang.org/x/text v0.3.6 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..c81df80
--- /dev/null
+++ b/go.sum
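Review bot: Every requirement is marked `// indirect`, including `github.com/gin-gonic/gin`, which `main.go` imports directly. Running `go mod tidy` would move it into a direct `require` block, so reviewers and dependency audits can tell what the service depends on first-hand. The `golang.org/x/crypto`, `x/net` and `x/sys` pins carry 2021 pseudo-versions and `x/text` is at v0.3.6, so it is worth running `govulncheck ./...` and bumping them before an internet-facing login service ships. The same hunk appears again later on this page.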
@@ -0,0 +1,75 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8= +github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= +github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= +github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= +github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0= +github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= +github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM= +github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kr/pretty v0.1.0/go.mod 
h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= +github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= +github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= +github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= +github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 h1:siQdpVirKtzPhKl3lZWozZraCFObP8S1v6PRp0bLrtU= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go new file mode 100644 index 0000000..cdb5abe --- /dev/null +++ b/main.go 
@@ -0,0 +1,76 @@
+package main
+
+import (
+ "fmt"
+ "net/http"
+ "os"
+
+ "github.com/gin-gonic/gin"
+)
+
+var (
+ clientID string
+ clientSercert string
+ orgURL string
+ kubeCA string
+ kubeAPIServer string
+)
+
+func addHtmlTemplates(r *gin.Engine) {
+ r.LoadHTMLGlob("templates/**/*")
+
+ // Add health check page
+ r.GET("/health", func(ctx *gin.Context) {
+ ctx.String(http.StatusOK, "healthy")
+ })
+
+ // Add login page.
+ r.GET("/authentication/login", func(ctx *gin.Context) {
+ ctx.HTML(http.StatusOK, "authentication/login.tmpl", gin.H{
+ "orgURL": orgURL,
+ "clientID": clientID,
+ "kubeCA": kubeCA,
+ "kubeAPIServer": kubeAPIServer,
+ })
+ })
+}
+
+func loadEnvironments() error {
+ var found bool
+ if clientID, found = os.LookupEnv("CLIENT_ID"); found != true || clientID == "" {
+ return fmt.Errorf("Missing env CLIENT_ID")
+ }
+
+ if clientSercert, found = os.LookupEnv("CLIENT_SECRET"); found != true || clientSercert == "" {
+ return fmt.Errorf("Missing env CLIENT_SECRET")
+ }
+
+ if orgURL, found = os.LookupEnv("ORG_URL"); found != true || orgURL == "" {
+ return fmt.Errorf("Missing env ORG_URL")
+ }
+
+ if kubeAPIServer, found = os.LookupEnv("KUBE_APISERVER"); found != true || kubeAPIServer == "" {
+ return fmt.Errorf("Missing env KUBE_APISERVER")
+ }
+
+ if kubeCA, found = os.LookupEnv("KUBE_CA"); found != true || kubeCA == "" {
+ return fmt.Errorf("Missing env KUBE_CA")
+ }
+ return nil
+}
+
+func main() {
+ if err := loadEnvironments(); err != nil {
+ fmt.Printf(err.Error())
+ return
+ }
+
+ router := gin.Default()
+ addHtmlTemplates(router)
+ server := http.Server{
+ Addr: "0.0.0.0:8080",
+ Handler: router.Handler(),
+ }
+
+ server.ListenAndServe()
+}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7adbdad
--- /dev/null
+++ b/Dockerfile
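Review bot: `main` builds an `http.Server` with no timeouts and discards the error from `server.ListenAndServe()`, so a slow client can hold connections open indefinitely and a failed bind exits without a message. Setting the read, write and idle timeouts and reporting the listen error fixes both; it needs `time` added to the import block. The startup check calls `fmt.Printf(err.Error())`, which uses the message as a format string and then returns with exit status 0, so a misconfigured pod looks like a clean exit. `CLIENT_SECRET` is required by `loadEnvironments`, but `clientSercert` (a misspelling of "secret") is never read in this file; if the login page is a browser-side flow, the secret should not be given to the pod at all. The same hunk appears again later on this page.

```go
func main() {
	if err := loadEnvironments(); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	// … unchanged: router := gin.Default(); addHtmlTemplates(router) …
	server := http.Server{
		Addr:              "0.0.0.0:8080",
		Handler:           router.Handler(),
		ReadHeaderTimeout: 5 * time.Second,
		ReadTimeout:       10 * time.Second,
		WriteTimeout:      10 * time.Second,
		IdleTimeout:       60 * time.Second,
	}

	if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```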
@@ -0,0 +1,28 @@
+# Build the manager binary
+FROM golang:1.17 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o okta-oauth main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/okta-oauth .
+COPY templates/ templates/
+USER 65532:65532
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT ["/okta-oauth"]
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..a93326f
--- /dev/null
+++ b/Makefile
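Review bot: The builder stage uses `golang:1.17` while `go.mod` declares `go 1.18`, so the toolchain is older than the language version the module asks for; `FROM golang:1.18 as builder` or newer keeps the two aligned. Both `golang:1.17` and `gcr.io/distroless/static:nonroot` are mutable tags. Pinning each by digest (`FROM <image>@sha256:<digest>`) makes the build reproducible and stops a re-pushed tag from silently changing what ships.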
@@ -0,0 +1,64 @@
+# Image URL to use all building/pushing image targets
+IMG ?= docker.jerxie.com/okta-oauth:latest
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+ go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+ go vet ./...
+
+##@ Build
+
+.PHONY: build
+build: fmt vet ## Build manager binary.
+ go build -o bin/main main.go
+
+.PHONY: test
+test: fmt vet
+ go test ./...
+
+.PHONY: run
+run: fmt vet
+ go run ./main.go
+
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+ docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+ docker push ${IMG}
+
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+ mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v3.8.7
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+ rm $(KUSTOMIZE) && curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+
+.PHONY: deploy
+deploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: kustomize
+ cd config/default && $(KUSTOMIZE) edit set image okta-oauth=$(IMG)
+ $(KUSTOMIZE) build config/default | kubectl delete -f -
+
+.PHONY: all
+all: build docker-build docker-push undeploy deploy
diff --git a/bin/main b/bin/main
new file mode 100755
index 0000000..ece38f6
--- /dev/null
+++ b/bin/main
Binary files differ
diff --git a/config/default/deployment.yaml b/config/default/deployment.yaml
new file mode 100644
index 0000000..8edb250
--- /dev/null
+++ b/config/default/deployment.yaml
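Review bot: The `$(KUSTOMIZE)` recipe pipes a script fetched from the `master` branch straight into `bash`, so whatever is on that branch at build time runs on the developer or CI machine with no integrity check. Pinning the URL to a tagged commit and verifying a checksum, or installing with `GOBIN=$(LOCALBIN) go install sigs.k8s.io/kustomize/kustomize/v3@$(KUSTOMIZE_VERSION)`, removes that exposure; `curl -s` without `-f` would also hand an HTTP error page to `bash`. The leading `rm $(KUSTOMIZE) &&` fails on a fresh checkout where the file does not exist yet, so the download never starts; `rm -f $(KUSTOMIZE)` fixes it. This commit also adds the built binary `bin/main`, which reviewers cannot inspect and which is better built in CI and listed in `.gitignore`.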
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ selector:
+ matchLabels:
+ app: okta-oauth
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: okta-oauth
+ spec:
+ imagePullSecrets:
+ - name: regcred
+ containers:
+ - name: okta-oauth
+ image: docker.jerxie.com/okta-oauth:latest
+ imagePullPolicy: Always
+ env:
+ - name: CLIENT_ID
+ value: "0oa5cp8nmuWCBA8To5d7"
+ - name: CLIENT_SECRET
+ value: "ZEDemeNYBPGWnav_w2hP6M8MF9L9nXCN49WUi-V8"
+ - name: ORG_URL
+ value: "dev-86003037.okta.com"
+ - name: KUBE_APISERVER
+ value: "https://apiserver.example.com"
+ - name: KUBE_CA
+ value: "abcd..."
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "60Mi"
+ requests:
+ cpu: "50m"
+ memory: "30Mi"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ initialDelaySeconds: 3
+ periodSeconds: 5
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ name: webport
diff --git a/config/default/ingress.yaml b/config/default/ingress.yaml
new file mode 100644
index 0000000..08a7e82
--- /dev/null
+++ b/config/default/ingress.yaml
@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ nginx.org/mergeale-ingress-type: "minion"
+ nginx.ingress.kubernetes.io/rewrite-target: "/$2"
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ rules:
+ - host: kubernetes.jerxie.com
+ http:
+ paths:
+ - backend:
+ service:
+ name: okta-oauth
+ port:
+ number: 8080
+ path: /demo/okta-oauth(/|$)(.*)
+ pathType: Exact
\ No newline at end of file
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
new file mode 100644
index 0000000..68a59c0
--- /dev/null
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,14 @@
+kind: Kustomization
+resources:
+- namespace.yaml
+- secret.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+namespace: demo
+
+images:
+- name: okta-oauth
+ newName: docker.jerxie.com/okta-oauth
+ newTag: latest
+apiVersion: kustomize.config.k8s.io/v1beta1
diff --git a/config/default/namespace.yaml b/config/default/namespace.yaml
new file mode 100644
index 0000000..a34861f
--- /dev/null
+++ b/config/default/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: demo
\ No newline at end of file
diff --git a/config/default/secret.yaml b/config/default/secret.yaml
new file mode 100644
index 0000000..85a1a05
--- /dev/null
+++ b/config/default/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: regcred
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJkb2NrZXIuamVyeGllLmNvbSI6eyJ1c2VybmFtZSI6InJlZ2lzdHJ5IiwicGFzc3dvcmQiOiJyZWdpc3RyeSIsImVtYWlsIjoiYXhpZXlhbmdiQGdtYWlsLmNvbSIsImF1dGgiOiJjbVZuYVhOMGNuazZjbVZuYVhOMGNuaz0ifX19
\ No newline at end of file
diff --git a/config/default/service.yaml b/config/default/service.yaml
new file mode 100644
index 0000000..2655fca
--- /dev/null
+++ b/config/default/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: okta-oauth
+ labels:
+ app: okta-oauth
+spec:
+ ports:
+ - port: 8080
+ protocol: TCP
+ selector:
+ app: okta-oauth
+ type: ClusterIP
\ No newline at end of file
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..5933ee4
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,25 @@
+module okta-oauth
+
+go 1.18
+
+require (
+ github.com/gin-contrib/sse v0.1.0 // indirect
+ github.com/gin-gonic/gin v1.8.1 // indirect
+ github.com/go-playground/locales v0.14.0 // indirect
+ github.com/go-playground/universal-translator v0.18.0 // indirect
+ github.com/go-playground/validator/v10 v10.10.0 // indirect
+ github.com/goccy/go-json v0.9.7 // indirect
+ github.com/json-iterator/go v1.1.12 // indirect
+ github.com/leodido/go-urn v1.2.1 // indirect
+ github.com/mattn/go-isatty v0.0.14 // indirect
+ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
+ github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+ github.com/ugorji/go/codec v1.2.7 // indirect
+ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
+ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+ golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 // indirect
+ golang.org/x/text v0.3.6 // indirect
+ google.golang.org/protobuf v1.28.0 // indirect
+ gopkg.in/yaml.v2 v2.4.0 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..c81df80
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,75 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= +github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= +github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8= +github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= +github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= +github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU= +github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= +github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho= +github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= +github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0= +github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= +github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM= +github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kr/pretty v0.1.0/go.mod 
h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= +github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU= +github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= +github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0= +github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 h1:siQdpVirKtzPhKl3lZWozZraCFObP8S1v6PRp0bLrtU= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go new file mode 100644 index 0000000..cdb5abe --- /dev/null +++ b/main.go 
@@ -0,0 +1,76 @@ +package main + +import ( + "fmt" + "net/http" + "os" + + "github.com/gin-gonic/gin" +) + +var ( + clientID string + clientSercert string + orgURL string + kubeCA string + kubeAPIServer string +) + +func addHtmlTemplates(r *gin.Engine) { + r.LoadHTMLGlob("templates/**/*") + + // Add health check page + r.GET("/health", func(ctx *gin.Context) { + ctx.String(http.StatusOK, "healthy") + }) + + // Add login page. + r.GET("/authentication/login", func(ctx *gin.Context) { + ctx.HTML(http.StatusOK, "authentication/login.tmpl", gin.H{ + "orgURL": orgURL, + "clientID": clientID, + "kubeCA": kubeCA, + "kubeAPIServer": kubeAPIServer, + }) + }) +} + +func loadEnvironments() error { + var found bool + if clientID, found = os.LookupEnv("CLIENT_ID"); found != true || clientID == "" { + return fmt.Errorf("Missing env CLIENT_ID") + } + + if clientSercert, found = os.LookupEnv("CLIENT_SECRET"); found != true || clientSercert == "" { + return fmt.Errorf("Missing env CLIENT_SECRET") + } + + if orgURL, found = os.LookupEnv("ORG_URL"); found != true || orgURL == "" { + return fmt.Errorf("Missing env ORG_URL") + } + + if kubeAPIServer, found = os.LookupEnv("KUBE_APISERVER"); found != true || kubeAPIServer == "" { + return fmt.Errorf("Missing env KUBE_APISERVER") + } + + if kubeCA, found = os.LookupEnv("KUBE_CA"); found != true || kubeCA == "" { + return fmt.Errorf("Missing env KUBE_CA") + } + return nil +} + +func main() { + if err := loadEnvironments(); err != nil { + fmt.Printf(err.Error()) + return + } + + router := gin.Default() + addHtmlTemplates(router) + server := http.Server{ + Addr: "0.0.0.0:8080", + Handler: router.Handler(), + } + + server.ListenAndServe() +} diff --git a/templates/authentication/login.tmpl b/templates/authentication/login.tmpl new file mode 100644 index 0000000..a53661f --- /dev/null +++ b/templates/authentication/login.tmpl @@ -0,0 +1,157 @@ +{{ define "authentication/login.tmpl" }} + + + + + + + + + + + + + + +
+

Okta Single Sign On (SSO)

+
+ Please Login with your Okta credential +
+ + +
+ +
+
+ + +
+ + + + + + + + + + +{{ end }} \ No newline at end of file