I am using the OpenShift router; by default the router is based on haproxy. When I create a domain such as aa.bb.cc, I can access my service via this route.
I saw that router (haproxy) pods are running in my cluster. My question is: when I curl http://aa.bb.cc, how does the domain aa.bb.cc reach the haproxy pods? What component is resolving the domain aa.bb.cc?
That would be the DNS Server containing the wildcard domain. The flow is typically the following:
                               *.apps.example.com
                                       +
     +-----------------+               |
     |   DNS Server    |               |
     +-----+-----------+               |  OpenShift Cluster
      ^    |                           |
      |    |                           |
      |    | LB IP                     |
      |    |                           |
      |    v                           |
    +-+----+--+      +--------------+  |  +---------------+                +----------+
    |         |      |              |  |  |               |                |          |
    | Clients +------> Loadbalancer +----->    HAProxy    +--------------->+ App Pods |
    |         |      |              |  |  |               |                |          |
    +---------+      +--------------+  |  +---------------+                +----------+
                                       |
                                       +
Your client will use its regular DNS server to resolve the application domain. Typically, there is a wildcard DNS entry for all application Routes running on an OpenShift cluster (for example *.apps.example.com). So when your client requests myapp.apps.example.com, the IP of the Loadbalancer for the OpenShift cluster is returned.
The Loadbalancer in turn knows about all the Nodes where an OpenShift Router is running. So the Loadbalancer will forward the request to any of these Nodes.
As you noted, the OpenShift Router running HAProxy is then looking at the HTTP Host Header or the SNI extension for TLS connections to check where the connection needs to be forwarded to.
The HAProxy has a dynamic configuration that is derived from the Routes / Services in the cluster and then forwards your request to your Application Pods.
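The router's lookup step described in the answer above, as an added example that is not part of the original answer and not OpenShift's or HAProxy's own code: it takes the first bytes of a connection, reads the hostname from the TLS SNI extension or the HTTP Host header, and maps it to a backend. The `ROUTES` table, the service names and the `build_client_hello` helper are constructed for illustration.

```python
import struct

ROUTES = {"myapp.apps.example.com": "myapp-svc",   # constructed Route -> Service
          "shop.apps.example.com": "shop-svc"}     # table; names are assumptions

def host_from_http(request):
    """Host header of a plain-HTTP request, lowercased, without any :port."""
    for line in request.split(b"\r\n\r\n")[0].split(b"\r\n")[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower().split(":")[0]
    return None

def sni_from_client_hello(rec):
    """server_name from a TLS ClientHello record, or None if absent or truncated."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:   # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                   # record hdr, handshake hdr, version, random
        pos += 1 + rec[pos]                    # session_id
        pos += 2 + int.from_bytes(rec[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + rec[pos]                    # compression_methods
        end = pos + 2 + int.from_bytes(rec[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(rec)):
            ext_type, ext_len = struct.unpack_from("!HH", rec, pos)
            if ext_type == 0:                  # server_name: list_len, type, name_len, name
                n = int.from_bytes(rec[pos + 7:pos + 9], "big")
                return rec[pos + 9:pos + 9 + n].decode("ascii", "replace").lower()
            pos += 4 + ext_len
    except IndexError:
        pass
    return None

def build_client_hello(hostname):
    """Constructed minimal ClientHello with only an SNI extension (sample input)."""
    name = hostname.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def route(first_bytes):
    """Backend choice as described above: SNI for TLS, Host header for plain HTTP."""
    tls = first_bytes[:1] == b"\x16"
    host = sni_from_client_hello(first_bytes) if tls else host_from_http(first_bytes)
    return ROUTES.get(host)                    # None: no Route for that hostname
```

Because the wildcard record sends every application hostname to the same load balancer IP, the client-supplied Host header or SNI value is the only input that selects the backend.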