A NAT gateway in Azure requires a public IP. Customers who opt into using private clusters are trying to minimize any cluster exposure to the public. We need to make sure that private clusters with NAT gateways is a setup that customers would want before we implement any changes.

In theory it should be OK to add the support since NATs only enable outbound traffic. But the impact needs to be properly evaluated.

Another issue that needs to be investigated was discovered during QE regression tests in [1]. It seems the cluster-provider-azure doesn't like when we change the name of the LB backend pools [2]. This will have to be solved if we want multi-AZ support for private clusters.

[1] https://issues.redhat.com/browse/CORS-2618?focusedId=22669178&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-22669178

[2] https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/pkg/provider/azure_standard.go#L271-L277