will allow the request if it includes the header `x-ext-authz: allow` or if the service account of the source workload is `a`.
Note that `a` is just a default value for testing. It can be changed with the flag `-allow_service_account` when running the ext authz server.

## Usage

1. Deploy the Ext Authz service in a dedicated pod:

    ```console
    $ kubectl apply -f ext-authz.yaml
    service/ext-authz created

	overrideGRPCValue = "grpc-additional-header-override-value"
	resultAllowed     = "allowed"
	resultDenied      = "denied"
)

var (
	serviceAccount = flag.String("allow_service_account", "a",
		"allowed service account, matched against the service account in the source principal from the client certificate")
	httpPort = flag.String("http", "8000", "HTTP server port")