diff --git a/Makefile b/Makefile
index 5639c37..7b23282 100644
--- a/Makefile
+++ b/Makefile
@@ -21,15 +21,20 @@ clean:
 	rm -rf oc-auth oc-auth.tar.gz
 
 docker:
-	DOCKER_BUILDKIT=1 docker build -t oc/oc-auth:0.0.1 -f Dockerfile .
-	docker tag oc/oc-auth:0.0.1 oc/oc-auth:latest
+	DOCKER_BUILDKIT=1 docker build -t oc-auth -f Dockerfile . --build-arg=HOST=$(HOST)
+	docker tag oc-auth:latest oc/oc-auth:0.0.1
 
 publish-kind:
-	kind load docker-image oc/oc-auth:0.0.1 --name opencloud
+	kind load docker-image oc/oc-auth:0.0.1 --name opencloud | true
 
 publish-registry:
 	@echo "TODO"
 
+docker-deploy:
+	docker compose up -d
+
+run-docker: docker publish-kind publish-registry docker-deploy
+
 all: docker publish-kind publish-registry
 
 .PHONY: build run clean docker publish-kind publish-registry
diff --git a/conf/config.go b/conf/config.go
index b1d87c2..01a6c38 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -22,12 +22,12 @@ type Config struct {
 	AuthConnectPublicHost string
 	AuthConnectorHost string
 	AuthConnectorPort int
-	AuthConnectorAdminPort int
+	AuthConnectorAdminPort string
 	PermissionConnectorWriteHost string
 	PermissionConnectorReadHost string
-	PermissionConnectorPort int
-	PermissionConnectorAdminPort int
+	PermissionConnectorPort string
+	PermissionConnectorAdminPort string
 	Local bool
 }
diff --git a/controllers/oauth2.go b/controllers/oauth2.go
index 28db564..9e38efe 100644
--- a/controllers/oauth2.go
+++ b/controllers/oauth2.go
@@ -70,6 +70,7 @@ func (o *OAuthController) Login() {
 	if conf.GetConfig().SourceMode == "ldap" {
 		ldap := auth_connectors.New()
 		found, err := ldap.Authenticate(o.Ctx.Request.Context(), res.Username, res.Password)
+		fmt.Println("login", clientID, found, err)
 		if err != nil || !found {
 			o.Data["json"] = err
 			o.Ctx.ResponseWriter.WriteHeader(401)
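Review bot: `kind load docker-image oc/oc-auth:0.0.1 --name opencloud | true` in the publish-kind recipe masks a failed load, because a pipeline's exit status is that of its last command and the pipe also swallows kind's stdout; if the intent is to tolerate a missing kind cluster, `|| true` does that while still showing the output. The two new targets are not declared phony, so a file named `docker-deploy` or `run-docker` in the working tree would silently satisfy them; extend the last line to `.PHONY: build run clean docker publish-kind publish-registry docker-deploy run-docker`. The rewritten `docker:` recipe also stops producing the `oc/oc-auth:latest` tag, so anything that still references it (possibly the compose file behind `docker-deploy`) would pick up a stale image — worth confirming before merge.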
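Review bot: After this hunk `AuthConnectorPort` is still an `int` while its three sibling port fields become `string`, and the main.go hunk's new default `"4445/admin"` shows the admin field now carries a URL path as well as a port, which neither the name nor any comment conveys. Either keep the ports numeric and add a dedicated field such as `AuthConnectorAdminPath string`, or document the contract on the field: `AuthConnectorAdminPort string // "<port>[/<path>]", e.g. "4445/admin"; appended verbatim to the admin host by getPath`. As written, an operator who sets `AUTH_CONNECTOR_ADMIN_PORT=4445` drops the `/admin` segment that getPath previously appended itself, and the only hint is the default in main.go.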
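Review bot: `fmt.Println("login", clientID, found, err)` writes an unconditional debug line to stdout on every login attempt, and the same pattern recurs in the second oauth2.go hunk (`fmt.Println("login token", token, err)`) and in the challenge, getClient and both Login hunks of hydra_connector.go. The `/token` step in hydra_connector.go is the serious one: `fmt.Println("login", b, err, ...)` dumps the raw token-endpoint response body and `fmt.Println("login2", token, err)` the decoded token, so access and refresh token material lands in process logs. These should be removed before merge, or replaced by a leveled call to the project's logger that records the outcome without the payload, e.g. here `log.Printf("login: client=%q found=%v err=%v", clientID, found, err)` and at the token step nothing that includes `b` or `token`. The enclosing Login method continues outside this hunk.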
@@ -84,6 +85,7 @@ func (o *OAuthController) Login() {
 			Name: "csrf_token",
 			Value: o.XSRFToken(),
 		})
+		fmt.Println("login token", token, err)
 		if err != nil || token == nil {
 			o.Data["json"] = err
 			o.Ctx.ResponseWriter.WriteHeader(401)
diff --git a/env.env b/env.env
new file mode 100644
index 0000000..c0d18f1
--- /dev/null
+++ b/env.env
@@ -0,0 +1,4 @@
+KUBERNETES_SERVICE_HOST=192.168.47.20
+KUBE_CA="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVlk3ZHZhNEdYTVdkMy9jMlhLN3JLYjlnWXgyNSthaEE0NmkyNVBkSFAKRktQL2UxSVMyWVF0dzNYZW1TTUQxaStZdzJSaVppNUQrSVZUamNtNHdhcnFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWtlUVJpNFJiODduME5yRnZaWjZHClc2SU55NnN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRXA5ck04WmdNclRZSHYxZjNzOW5DZXZZeWVVa3lZUk4KWjUzazdoaytJS1FDSVFDbk05TnVGKzlTakIzNDFacGZ5ays2NEpWdkpSM3BhcmVaejdMd2lhNm9kdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
+KUBE_CERT="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"
+KUBE_DATA="LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU5ZS1BFb1dhd1NKUzJlRW5oWmlYMk5VZlY1ZlhKV2krSVNnV09TNFE5VTlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUozblJZN0tCNEtUWUx0WnFUMS96VS84a0Z2Sk1lUGhYMm1Vc25pczBiR3FZblkyaVZEeApYVzR2SVhTYjNqcm9iZ1YwSUtDT0twUWs2OHJEbE03ckRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
diff --git a/infrastructure/auth_connector/hydra_connector.go b/infrastructure/auth_connector/hydra_connector.go
index baa3b37..d517a6f 100644
--- a/infrastructure/auth_connector/hydra_connector.go
+++ b/infrastructure/auth_connector/hydra_connector.go
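Review bot: This new env.env file commits live credentials: `KUBE_DATA` decodes to a PEM private key (its base64 opens with the encoding of `-----BEGIN EC PRIVATE KEY-----`), `KUBE_CA` and `KUBE_CERT` are the matching CA and client certificate, and `KUBERNETES_SERVICE_HOST` names an internal API-server address. Once this is pushed the key has to be treated as exposed whatever a later revert does, so it should be rotated on the cluster, the file removed from the commit and listed in `.gitignore`, and the values supplied at runtime from an ignored local env file or a secret store. A committed `env.env.example` with placeholders such as `KUBE_DATA=<base64-client-key>` documents the expected variables without carrying a secret, and a pre-commit secret scanner would have flagged this change.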
@@ -31,7 +31,7 @@ type HydraConnector struct {
 func (a HydraConnector) Status() tools.State {
 	caller := tools.NewHTTPCaller(map[tools.DataType]map[tools.METHOD]string{})
 	var responseBody map[string]interface{}
-	host := conf.GetConfig().AuthConnectorHost
+	host := conf.GetConfig().AuthConnectPublicHost
 	if conf.GetConfig().Local {
 		host = "localhost"
 	}
@@ -80,6 +81,7 @@ func (a HydraConnector) challenge(username string, url string, challenge string,
 	if err != nil {
 		return nil, s[1], cookies, err
 	}
+	fmt.Println(string(b))
 	var token Redirect
 	err = json.Unmarshal(b, &token)
 	if err != nil {
@@ -126,6 +127,7 @@ func (a HydraConnector) tryLog(username string, url string, subpath string, chal
 func (a HydraConnector) getClient(clientID string) string {
 	resp, err := a.Caller.CallGet(a.getPath(true, false), "/clients")
 	if err != nil {
+		fmt.Println(err)
 		return ""
 	}
 	var clients []interface{}
@@ -143,11 +145,16 @@ func (a HydraConnector) getClient(clientID string) string {
 func (a HydraConnector) Login(clientID string, username string, cookies ...*http.Cookie) (t *Token, err error) {
 	clientID = a.getClient(clientID)
+	if clientID == "" {
+		return nil, errors.New("no client found")
+	}
 	redirect, _, cookies, err := a.tryLog(username, a.getPath(false, true), "/auth?client_id="+clientID+"&response_type="+strings.ReplaceAll(a.ResponseType, " ", "%20")+"&scope="+strings.ReplaceAll(a.Scopes, " ", "%20")+"&state="+a.State, "login", cookies...)
-	fmt.Println("login", clientID, username, a.getPath(false, true), redirect, err)
 	if err != nil || redirect == nil {
+		if redirect == nil {
+			return nil, errors.New("no oauth redirection " + clientID)
+		}
 		return nil, err
 	}
 	redirect, _, cookies, err = a.tryLog(username, a.urlFormat(redirect.RedirectTo, a.getPath(false, true)), "", "consent", cookies...)
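Review bot: The new `if redirect == nil` branch nested inside `if err != nil || redirect == nil` discards `err`: when tryLog fails it most likely returns a nil redirect alongside the error (the challenge hunk above returns `nil, s[1], cookies, err` on its error path), so the caller now sees only `no oauth redirection <clientID>` instead of the transport or decode error that caused it. Check the error first and the missing redirect second: `if err != nil { return nil, err }` followed by `if redirect == nil { return nil, fmt.Errorf("no oauth redirection for client %q", clientID) }`. The hunk shows no import change for `errors`, so confirm hydra_connector.go already imports it; the Login method continues past the end of this hunk.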
@@ -177,10 +184,12 @@ func (a HydraConnector) Login(clientID string, username string, cookies ...*http
 	var m map[string]interface{}
 	defer resp.Body.Close()
 	b, err := io.ReadAll(resp.Body)
+	fmt.Println("login", b, err, a.getPath(false, true), "/token")
 	if err != nil {
 		return nil, err
 	}
 	err = json.Unmarshal(b, &token)
+	fmt.Println("login2", token, err)
 	if err != nil {
 		return nil, err
 	}
@@ -252,13 +261,16 @@ func (a HydraConnector) Introspect(token string, cookie ...*http.Cookie) (bool,
 }
 
 func (a HydraConnector) getPath(isAdmin bool, isOauth bool) string {
-	host := conf.GetConfig().AuthConnectorHost
+	host := conf.GetConfig().AuthConnectPublicHost
+	if isAdmin {
+		host = conf.GetConfig().AuthConnectorHost
+	}
 	if conf.GetConfig().Local {
 		host = "localhost"
 	}
 	port := fmt.Sprintf("%v", conf.GetConfig().AuthConnectorPort)
 	if isAdmin {
-		port = fmt.Sprintf("%v", conf.GetConfig().AuthConnectorAdminPort) + "/admin"
+		port = fmt.Sprintf("%v", conf.GetConfig().AuthConnectorAdminPort)
 	}
 	oauth := ""
 	if isOauth {
diff --git a/main.go b/main.go
index 7eda6cb..10217dd 100644
--- a/main.go
+++ b/main.go
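Review bot: With `AuthConnectorAdminPort` now a `string`, `port = fmt.Sprintf("%v", conf.GetConfig().AuthConnectorAdminPort)` in getPath is a no-op formatting call; assign it directly, `port = conf.GetConfig().AuthConnectorAdminPort`. Since the `"/admin"` suffix is no longer appended here, that string is expected to carry the path segment as well as the port (the main.go default `"4445/admin"` does), which is worth stating where it is consumed. The new `isAdmin` host selection routes admin calls to `AuthConnectorHost` and the public OAuth flow to `AuthConnectPublicHost` (both collapsing to `localhost` when `Local` is set); a one-line comment such as `// admin API goes to the internal host, OAuth endpoints to the public one` would keep a later edit from merging the two again. getPath continues past the end of this hunk.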
@@ -43,11 +43,11 @@ func main() {
 	conf.GetConfig().AuthConnectorHost = o.GetStringDefault("AUTH_CONNECTOR_HOST", "localhost")
 	conf.GetConfig().AuthConnectPublicHost = o.GetStringDefault("AUTH_CONNECTOR_PUBLIC_HOST", "localhost")
 	conf.GetConfig().AuthConnectorPort = o.GetIntDefault("AUTH_CONNECTOR_PORT", 4444)
-	conf.GetConfig().AuthConnectorAdminPort = o.GetIntDefault("AUTH_CONNECTOR_ADMIN_PORT", 4445)
+	conf.GetConfig().AuthConnectorAdminPort = o.GetStringDefault("AUTH_CONNECTOR_ADMIN_PORT", "4445/admin")
 	conf.GetConfig().PermissionConnectorWriteHost = o.GetStringDefault("PERMISSION_CONNECTOR_WRITE_HOST", "keto")
 	conf.GetConfig().PermissionConnectorReadHost = o.GetStringDefault("PERMISSION_CONNECTOR_READ_HOST", "keto")
-	conf.GetConfig().PermissionConnectorPort = o.GetIntDefault("PERMISSION_CONNECTOR_PORT", 4466)
-	conf.GetConfig().PermissionConnectorAdminPort = o.GetIntDefault("PERMISSION_CONNECTOR_ADMIN_PORT", 4467)
+	conf.GetConfig().PermissionConnectorPort = o.GetStringDefault("PERMISSION_CONNECTOR_PORT", "4466")
+	conf.GetConfig().PermissionConnectorAdminPort = o.GetStringDefault("PERMISSION_CONNECTOR_ADMIN_PORT", "4467")
 	conf.GetConfig().Local = o.GetBoolDefault("LOCAL", true)
 
 	// config LDAP