User Defined Routing (UDR)
With the Fully Private Cluster configuration, Azure still creates some public IP resources to support load balancer egress. If necessary, you can avoid creating public IP addresses in the CML cluster by using a User Defined Routing (UDR) table. A UDR table can be configured in the cluster subnet to route packets to a customer-configured firewall, for example to limit internet access or analyze traffic. For more information on setting up UDR, see the Microsoft articles Virtual appliance scenario or Virtual network traffic routing.
To utilize a UDR and firewall in the Azure CML private cluster, select the following when setting up the cluster.