Create Admission Controller for Pinning Images to Digests

[amouat]

When a k8s YAML contains an image name to be deployed, it should really be resolved to a digest. This stops the annoying use case where different nodes can end up running different versions of the same image even within a replica set.

It should be possible to do this in a mutating admission controller (and I suspect there may be examples of this).

Note that this is what Docker Swarm does.