Trident doesn't enforce detachments in CSI mode

[bswartz]

In dynamic provisioner mode, Trident can't enforce detachments because there's no mechanism to do controller attach/detaches for volumes of NFS/iSCSI types. For CSI volumes there is a mechanism though, and Trident doesn't use it.

The primary reason to implement controller attaches/detaches is to handle the case where Kubernetes loses access to a node and wants to reschedule the pods to another node. It needs to be sure that, whether the old node is dead or alive, that the old node definitely doesn't have access to the volume anymore before it attaches the volume to a new node.

The current implementation can lead to data corruption in the case where Kubernetes thinks the node is dead, but it's actually alive, and it reschedules the pod to another node, because Trident doesn't enforce the detachment on ControllerUnpublish.

[gnarl]

We are investigating how to safely perform a forced detach of a volume. Additional work on this feature is dependent on implementing Forced Detach in the CSI spec and adding support to Kubernetes.