Fix KubeLB option precedence enforced over enabled

[KhizerRehan]

What this PR does / why we need it:
This PR fixes KubeLB option visibility so that enforced takes precedence over the enabled flag

Behaviour Matrix

enforced	enabled	enableForAllDatacenters	Result	Rationale
true	any	any	show + locked	enforced wins
false / undef	true	any	show	enabled wins
false / undef	false	any	hide	explicit per-DC disable
false / undef	undef	true	show	seed fallback
false / undef	undef	false / undef	hide	no signal to show

Which issue(s) this PR fixes:

Fixes #7902

What type of PR is this?
/kind bug

Special notes for your reviewer:

Does this PR introduce a user-facing change? Then add your Release Note here:

Fixes KubeLB option precedence so enforced datacenters always show the option regardless of the enabled flag.

Documentation:

NONE

Test issue:

NONE

[kubermatic-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ahmadhamzh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• modules/web/src/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[KhizerRehan]

@shinushaju kindly, check behaviour matrix. It should behave according to precedence order defined. However the issue of not returning false value from backend still needs to be fixed when explicitly set

References:

• https://navendu.me/tils/9-5-25-omitempty-option-omits-boolean-fields-with-false-values/
• https://stackoverflow.com/questions/72206365/go-omitempty-bool-field-not-showing-false-type

[KhizerRehan]

/retest

[kubermatic-bot]

LGTM label has been added.

Details

Git tree hash: 6f66d3c5443c77546bc06e7bee3bcdc83c0c7bc9

[KhizerRehan]

/hold

Concern/Clarification Added

Priority order: enforced > enabled > enableForAllDatacenters

As discussed with @ahmadhamzh, it was mentioned that enableForAllDatacenters should act as a fallback when both enforced and enabled are false. However, I want to clarify a concern based on what @shinushaju mentioned in this ticket:
kubermatic/kubermatic#15713

When KubeLB is disabled for a specific datacenter in the Seed, the API should explicitly return enabled: false, and the KKP Dashboard should hide the KubeLB option for that datacenter accordingly.

If that is the expected behavior, and enableForAllDatacenters is also considered after enabled, then it implies that we can only hide the KubeLB option when both conditions are met:

• enableForAllDatacenters: false
• enabled: false (per datacenter)

This raises another question: if we want to enable KubeLB for all other datacenters, would we then need to explicitly set enabled: true for each individual datacenter?

In my opinion, enableForAllDatacenters acts as a global default flag, which should enable KubeLB for all datacenters unless explicitly overridden. In that case, a per-datacenter enabled: false should always take precedence over enableForAllDatacenters.

Otherwise, the only way to hide KubeLB would be to set both flags to false,

Based on this, I’m trying to understand whether the logic introduced in the PR aligns with this intended behavior.

Therefore this PR is on hold for further discussion

[ahmadhamzh]

so from what i understand if seedSettings?.kubelb?.enableForAllDatacenters is true then kubeLB will be available in all datacenters regardless of the dc.spec.kubelb?.enabled value,
@ahmedwaleedmalik is that correct ?

[ahmadhamzh]

according to my understand this sholdn't return false unless the seedSettings?.kubelb?.enableForAllDatacenters is also false, so we need to check that before returning false