Enable configuration of the HAProxy image used for shared ingress (and worker node API server proxy in shared ingress scenarios) via an environment variable. Currently, the shared ingress HAProxy image is hardcoded in the HyperShift operator code, requiring operator rebuilds for updates including security patches.

This enhancement allows the image to be configured at operator deployment time via the IMAGE_SHARED_INGRESS_HAPROXY environment variable, following the established pattern for other image overrides in HyperShift (e.g., IMAGE_CLUSTER_API, IMAGE_AWS_CAPI_PROVIDER, etc.).

Use Case:

• Support HAProxy 2.9+ for PROXY protocol v2 with TLV headers in shared ingress scenarios
• Enable security patching of the HAProxy image without HyperShift operator code changes
• Allow platform providers to use custom HAProxy images for compliance requirements

Acceptance Criteria:

• Environment variable IMAGE_SHARED_INGRESS_HAPROXY can override the default hardcoded image
• When the env var is not set, the system uses the current default image
• Worker node HAProxy configurations use the overridden image when shared ingress is enabled
• Documentation updated to explain the configuration option

Related:

• OCPSTRAT-2437: Support NodePool image overrides for apiserver proxy (HAProxy)