Why pods can't reach the internet by default and how iptables MASQUERADE fixes it — a deep dive into NAT, conntrack, and the path packets take out of a Kubernetes node.

How Kubernetes pod networking actually works — built from Linux primitives: network namespaces, veth pairs, and bridges. No abstractions, just the kernel.