Setup and configure Google Artifact Registry for Tanzu Application Platform Build Source as Maven Source


In this tutorial, we detail how to use Google Artifact Registry as a Maven repository to be used as a build source in VMware Tanzu Application Platform. Usually when deploying workloads in the Tanzu Application Platform, a git source will be provided and, using the build instructions, the workload will be built from the git source and deployed into the Tanzu Application Platform environment. Sometimes we have a working pipeline already in place where a final artifact is already built and we want to reuse that final artifact to deploy via the Tanzu Application Platform. So, instead of a git source, we can directly provide a built artifact using the Tanzu Application Platform, which will deploy the workload. Here you will see how to do that with a Maven artifact using these basic steps:

●      Create a Maven repository (Google Artifact Registry)

●      Push a sample maven artifact into the repository

●      Use this artifact as a workload source in the Tanzu Application Platform supply chain


  • Access to create Artifact Registry and service accounts in GCP
  • Any Maven code repo. For this example, we have used spring-petclinic demo app
  • Google Cloud SDK 398.0.0 connected to the GCP account
  • Tanzu cli- v0.11.6
  • GKE 3 node cluster with Kubernetes version v1.24.3
  • Tanzu Application Platform cluster essentials -1.2.0
  • Tanzu Application Platform -1.3.0 version, full profile installed with OOTB Basic supply chain and dev namespace setup

Step 1 - Create and set up Google Artifact Registry

 We create a Google Artifact Maven Registry and then deploy the spring-petclinic sample Maven application as a Maven artifact into the created registry.

Artifact Registry Creation

  1. Navigate to the Google Artifact Registry page.

  1. Click on Create Repository.

  1. Create a Maven repo selecting the values as below:
    1. Name: Any name. In this ex. Maven-repo
    2. Format: Maven
    3. Region: Any region
    4. The rest are all defaults
  2. Clone the spring-petclinic repo to a local path
  3. From a terminal with gcloud set up, execute the below command, replacing the values for:
    1. Project as the GCP project where the Maven registry is created
    2. Repository as the Maven repository name
    3. Location where the Maven registry was created
gcloud artifacts print-settings mvn \

    --project=advanced-editions-engineering \

    --repository=maven-repo \



  1. The above command generates pom.xml content, which should be replaced in the Maven workload application; in our case, this is the spring-petclinic application. In this case:
<!-- Insert following snippet into your pom.xml -->





  1. Copy-paste the blocks in the pom.xml in the respective sections, like:
    1. The <repository> section to the already existing <repositories> section in the pom.xml
    2. The <extensions> section to the existing <build> section
    3. The <distributionManagement> section to anywhere under the <project>
  2. Then execute the below command to package and push the Maven artifact to Google Artifact Registry:
./mvnw -Dmaven.test.skip=true -Dcheckstyle.skip deploy



  1. After completing the steps in the guide and deploying the artifact into the Google registry, create a service-account following third-party access control.
    1. Navigate to the “Service accounts” module.

  2. Give it a name:

  1. Select the required roles to access the artifact registry, Artifact Registry Reader, Artifact Registry Writer and Artifact Registry Service Account.

  1. Leave the rest to default and create the service account.

  1. Once created, search for the created service account and add a new key (select json option) under the Keys tab. A json file will be downloaded, which will be used during the Tanzu Application Platform configuration below:


  1. A json file will be downloaded and we will use that in Step 2.1.
  2. Then get the repository URL from the above-generated pom values (highlighted above: <url>artifactregistry://</url>) and replace the "artifactregistry://" to "https://" (in this case and use it as the Maven repository URL along with other Maven parameters as per the documentation of update the installed Tanzu Application Platform. This will be used in Step 2.2.

Step 2 - Deploy the Maven workload

  1. Create Maven repository secret in both tap-install and dev namespace.
export GCP_KEY=$(cat /path/to/the/json/created/during/GAR/setup | base64)

cat <<EOF | kubectl -n tap-install apply -f -
apiVersion: v1
  username: _json_key_base64
  password: $GCP_KEY
kind: Secret
  name: maven-credentials

cat <<EOF | kubectl -n <dev-namespace> apply -f -
apiVersion: v1
  username: _json_key_base64
  password: $GCP_KEY
kind: Secret
  name: maven-credentials


  1. Update Tanzu Application Platform with added Maven repo details with the below values:
    server: ""
    repository: "full/sc"
    ssh_secret: ""
      url: <Refer the previous step 1.12 for this URL>
      secret_name: maven-credentials


  1. Once the dev namespace is created, check if the default service account has access to Maven artifacts. The response for the below command should be “yes.” If “no,” then dev namespace setup is not properly configured with the cluster roles.
kubectl auth can-i get mavenartifacts -n my-apps --as=system:serviceaccount:my-apps:default



  1. Take the artifact values from pom.xml of the project, for example <groupId> will be YOUR_GROUP, and <artifactId> will be YOUR_ARTIFACT. In the spring-petclinic project used in this tutorial, the values will be:



  1. Deploy the workload using the template below (replacing the YOUR_ARTIFACT and YOUR_GROUP with the artifact values from Step 2.3).

Note: The version should be the word “RELEASE” in order for the automatic workload updates to work. Apart from this, we can also give the fixed version like in this example “2.4.5”. But in that case:

kind: Workload
  name: spring-petclinic
  labels: spring-petclinic petclinic-server # Add this for tap-gui web #Use the web for all supply chains.
  - name: maven
        groupId: YOUR_GROUP
        artifactId: YOUR_ARTIFACT
        version: RELEASE
        branch: main
  - name: spring-petclinic-db
       apiVersion: v1
       kind: Secret
       name: spring-petclinic-db
     value: mysql
     value: >


  1. Deploy the workload.
tanzu apps workload apply -n my-apps -f maven-workload.yaml --yes



  1. Check that Maven artifacts were successfully created.
kubectl get mavenartifacts -n my-apps



  1. Validate the workload in the Tanzu Application Platform GUI, whether the source provider is successful and that it shows the source as a Maven artifact.



  1. Validate whether all the steps in the workload deployment are successful.


  1. Validate whether the build is created and is successful.
kubectl get builds -n my-apps



  1. Then validate whether the workload status is using the below command and that the workload endpoint is shown in Knative Services as below:
tanzu apps workload get spring-petclinic --namespace my-apps



Step 3 - Update the Maven workload

  1. Just update the Maven pom.xml file of spring-petclinic with a new version like from 2.4.5 to 2.4.6 as below. Do not change groupId or artifactId.
  1. Make changes to the workload project just for reference to validate the difference between previous versions. (In this case, a change is added in vets.html.)
  2. Package and deploy a new version of the artifact to Google Artifact Registry again by following Step 1.8.

  1. A new build should be created automatically and validate the workload endpoint with the changes made in the previous step.

Filter Tags

Tanzu Tanzu Application Platform Document Intermediate