User Defined Routing (UDR)
With the Fully Private Cluster configuration, Azure still creates some public IP resources to support load balancer egress. If necessary, you can avoid creating public IP addresses in the CML cluster by using a User Defined Routing (UDR) table. A UDR table can be configured in the cluster subnet to route packets to a customer-configured firewall, for example to limit internet access or analyze traffic. For more information on setting up UDR, see the Microsoft articles Virtual appliance scenario or Virtual network traffic routing.
To utilize a UDR and firewall in the Azure CML private cluster, select the following when setting up the cluster.
Select a subnet with a default route configuration to forward the traffic to the network
appliance or firewall.
Create load balancers with private IP addresses. This is the default choice when creating
clusters in CML.
Select Enable User Defined Routing.