I am trying to deploy the Spring Cloud Data Flow Server to an enterprise Pivotal Cloud Foundry instance using an application manifest.yml.
My first concern is externalizing the SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_USERNAME and SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_PASSWORD properties from the manifest so I'm not storing them in plain text in version control. Is there a best practice to accomplish that? Where does that fit into the workflow of deploying a Data Flow Server and associated Streams/Tasks? My initial idea is to create a new Cloud Foundry user for the Data Flow Server that can deploy applications to the org/space I am using, then potentially use Spring Cloud Config to inject the credentials into the env. Is that a typical solution?
My second concern is requiring TLS/HTTPS for all of the Data Flow Server's web endpoints. I again attempted to omit the properties concerning the key store locations from the manifest in the SPRING_APPLICATION_JSON env entry, but that again caused initialization to fail. Does the Cloud Foundry Java buildpack have a standard location for those certificate stores, or is that specific to my Cloud Foundry instance? I also want to redirect all HTTP requests to HTTPS? Do I need to create a custom build of the Cloud Foundry Data Flow Server to do that?
Thanks for any help.
UPDATE:
Based on other SO posts, I have now resolved that I do not need to enable HTTPS/TLS from the Data Flow Server config in its embedded Tomcat server because it is sitting behind Cloud Foundry's proxy. However, I cannot see a way to require and redirect to HTTPS endpoints other than creating a customized build of the Data Flow Server for Cloud Foundry with the proper configuration.
You can refer the documentation for this here.