Whenever I deploy a spring boot app , it had embedded tomcat container. It relys on container being available. Does it mean that these are not 12 factor app compliant as depends on runtime injection of webserver?
What does TCP routing mean for non-http services?
Port Binding
Export services via port binding. The 12-factor app is completely self-contained and does not rely on runtime injection of a web server into the execution environment to create web-facing service.
For Pivotal Cloud Foundry, non-HTTP services require TCP routing in order to be replatformed.
When you run locally, a spring boot app, it runs with a default profile. So, Spring will leverage your port and other settings at runtime.
When you push to cloud, a spring boot app runs with a cloud profile. In a cloud profile, port settings are dictated by the cloud and settings you provide are ignored.
In PCF, a Diego cell hosts all app instances. A Diego cell has its own CIDR block for apps its hosting. So your app instance will get an IP from that range. And you cannot access the app by its ip.
The Diego cell vm though, has the IP from the CIDR range of the network its running. Diego cell also uses NAT-ing to map you app ip to a port on the Diego cell vm. That is how the traffic is routed to your app.
As you can see, the Diego cell, in PCF, cannot rely that the port you provided. Instead it will run the app where it can, and NAT to an available port.
Take a look at Diego Reference Architecture.
As to your second question, Go-Routers in Cloud Foundry route requests to app instances. By default only http/https traffic is enabled on Go-Routers. You can enable TCP Routing on Go-Routers. This was added, I believe, in PCF 1.9. Here's the documentation.