Hi,
The answer doesn't address any of my security concerns.
What is the point of creating an AZ Firewall with Hub / spoke architecture, making it very secure, and then making a cluster which is half in and half out of that protection?
In your example image, Internet access to VNet Subnet 1 is made without any route through the firewall, and therefore things like advanced threat detection are not possible.
Subnet 2 and 3 route through the firewall, but the concept of a secure VNet is lost, as a tractor has just been driven through it by exposing half of the cluster to the internet.
Secondly, this proposed architecture would need 2 x 6 VMs, and the minimum size VM costs approximately £106 per month per VM, before any discounts. So that is £1,272 a month just to create the service fabric. That puts it out of range for a lot of small-scale projects.