I got this working after reading this info.

http://kubernetes.io/docs/user-guide/images/#specifying-imagepullsecrets-on-a-pod

So firstly create the registry access key

kubectl create secret docker-registry myregistrykey --docker-server=https://myregistry.azurecr.io --docker-username=ACR_USERNAME --docker-password=ACR_PASSWORD --docker-email=ANY_EMAIL_ADDRESS

Replacing the server address with the address of your ACR address and the USERNAME, PASSWORD and EMAIL address with the values from the admin user for your ACR. Note: The email address can be value.

Then in the deploy you simply tell kubernetes to use that key for pulling the image like so:

kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: jenkins-master
spec:
  replicas: 1
  template:
    metadata:
      name: jenkins-master
      labels:
        name: jenkins-master
    spec:
      containers:
      - name: jenkins-master
        image: myregistry.azurecr.io/infrastructure/jenkins-master:1.0.0
        imagePullPolicy: Always
        readinessProbe:
          tcpSocket:
            port: 8080
          initialDelaySeconds: 20
          timeoutSeconds: 5
        ports:
        - name: jenkins-web
          containerPort: 8080
        - name: jenkins-agent
          containerPort: 50000
      imagePullSecrets:
        - name: myregistrykey

This is something we've actually made easier. When you provision a Kubernetes cluster through the Azure CLI, a service principal is created with contributor privileges. This will enable pull requests of any Azure Container Registry in the subscription.

There was a PR: https://github.com/kubernetes/kubernetes/pull/40142 that was merged into new deployments of Kubernetes. It won't work on existing kubernetes instances.