There are times when you want to deploy your PaaS resources on a private network instead of leveraging the public endpoint. Azure has a bunch of services that support service endpoints – a feature that lets you access a SQL/MySQL/Cosmos database on a vnet.

Azure Container Registry has a preview feature that will let you access your registry via your private vnet instead of the public endpoint.

https://channel9.msdn.com/Shows/Azure-Friday/Azure-Container-Registry-ACR-virtual-network-and-firewall-rules-preview

This means you can have your AKS cluster deployed on a vnet, with a locked down Kubernetes API (whitelist in preview) and common app resources like your database, storage, queues and your container registry deployed on your private vnet.

Good to see more services supporting this.