Am also interested to know the answer.
Am thinking we don’t need token for oadm command since it doesn’t use tokens or oauth based authentication. Since it is installed with root privileges, we are using sudo oadm command to executive commands.
# sudo oadm prune builds --orphans --confirm
We’re not running internal registry for builds. Am not sure we still need to run prune operations in this scanario.
We are able to delete old deployments + old images (also inside the registry) with our oadm prune commands.
Do we need a new account (or service account) for our cronjobs and which permission would we need?