I did create the network policy on the internal pod in the final question. The egress policy created on the internal pod works as expected to the mysql and payroll pods but the internal pod is also able to communicate with the external pod on port 8080. In my understanding this should fail . Did i miss something here? Just to add i also tried this with the answers yaml files and that is still the case.