Jupyterhub on GKE Auto-pilot


I am trying to deploy jupyterhub on Google Kubernetes Engine Auto Pilot.
I get this error when spawning:

Spawn failed: (400) Reason: error HTTP response headers: HTTPHeaderDict({‘Audit-Id’: ‘83a8c7d0-e3fd-401a-ae02-72b8f08e25dc’, ‘Cache-Control’: ‘no-cache, private’, ‘Content-Type’: ‘application/json’, ‘Warning’: ‘299 - “Autopilot set default resource requests on Pod train/jupyter-user1 for container block-cloud-metadata, as resource requests were not specified, and adjusted resource requests to meet requirements. See Resource requests in Autopilot  |  Google Kubernetes Engine (GKE)  |  Google Cloud and Autopilot overview  |  Google Kubernetes Engine (GKE)  |  Google Cloud”’, ‘X-Kubernetes-Pf-Flowschema-Uid’: ‘23b05c9c-9034-48b9-8571-7f8487c83968’, ‘X-Kubernetes-Pf-Prioritylevel-Uid’: ‘6ebf1a88-0da2-418f-8d1d-45871ac8dcdb’, ‘Date’: ‘Thu, 09 Mar 2023 14:30:55 GMT’, ‘Content-Length’: ‘893’}) HTTP response body: {“kind”:“Status”,“apiVersion”:“v1”,“metadata”:{},“status”:“Failure”,“message”:“admission webhook "gkepolicy.common-webhooks.networking.gke.io" denied the request: GKE Warden rejected the request because it violates one or more constraints.\nViolations details: {"[denied by autogke-default-linux-capabilities]":["linux capability ‘NET_ADMIN’ on container ‘block-cloud-metadata’ not allowed; Autopilot only allows the capabilities: ‘AUDIT_WRITE,CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,MKNOD,NET_BIND_SERVICE,NET_RAW,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT,SYS_PTRACE’."],"[denied by autogke-disallow-privilege]":["container block-cloud-metadata is privileged; not allowed in Autopilot"]}\nRequested by user: ‘system:serviceaccount:train:hub’, groups: ‘system:serviceaccounts,system:serviceaccounts:train,system:authenticated’.”,“reason”:“GKE Warden constraints violations”,“code”:400}

Thank you for your help

Z2JH includes some privileged containers, which you can disable; see this previous discussion.

Thank you @manics. It works now.
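The rejection quoted in this thread names two Autopilot constraints, `autogke-disallow-privilege` and `autogke-default-linux-capabilities`. The check below is an added example, not part of the original posts or of Z2JH or GKE: it runs the same two tests on a pod spec before it reaches the cluster. The allow-list is copied from the error message; the function name and the sample pod are constructed for illustration.

```python
# Added example: pre-flight check of a pod spec against the two GKE Autopilot
# constraints named in the rejection. Allow-list copied from the error message.
AUTOPILOT_ALLOWED_CAPS = frozenset(
    "AUDIT_WRITE,CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,MKNOD,NET_BIND_SERVICE,"
    "NET_RAW,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT,SYS_PTRACE".split(",")
)


def autopilot_violations(pod):
    """Return a sorted list of (constraint, container, detail) tuples."""
    spec = pod.get("spec") or {}
    found = []
    # Init containers are admitted under the same rules as main containers.
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            name = c.get("name", "<unnamed>")
            sc = c.get("securityContext") or {}
            if sc.get("privileged") is True:
                found.append(("autogke-disallow-privilege", name, "privileged"))
            for cap in (sc.get("capabilities") or {}).get("add") or []:
                # Kubernetes names omit the CAP_ prefix; normalise in case.
                norm = cap.upper()
                if norm.startswith("CAP_"):
                    norm = norm[4:]
                if norm not in AUTOPILOT_ALLOWED_CAPS:
                    found.append(
                        ("autogke-default-linux-capabilities", name, norm))
    return sorted(found)


# Constructed sample modelled on the pod in the error (train/jupyter-user1).
SAMPLE_POD = {
    "metadata": {"name": "jupyter-user1", "namespace": "train"},
    "spec": {
        "initContainers": [{
            "name": "block-cloud-metadata",
            "securityContext": {"privileged": True,
                                "capabilities": {"add": ["NET_ADMIN"]}},
        }],
        "containers": [{
            "name": "notebook",
            "securityContext": {"capabilities": {"add": ["NET_BIND_SERVICE"]}},
        }],
    },
}

if __name__ == "__main__":
    for constraint, container, detail in autopilot_violations(SAMPLE_POD):
        print(f"[denied by {constraint}] {container}: {detail}")
```

In the Z2JH Helm chart this init container is governed by `singleuser.cloudMetadata.blockWithIptables`; if it is turned off, access to the metadata endpoint has to be restricted another way, such as a NetworkPolicy.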