I had a question about general practices around updating containers with security patches, etc.
In my head this would be done simply by updating the base container and triggering a rebuild/redeployment. The current plan is to stick with a specific tag and have automated deployments every X days to catch those updates. I was wondering what other patterns people are using to do this?
For example (hypothetical), we have N deployments running the latest version of NGINX and a security patch comes out. What would the pattern be for applying the updates to all N deployments without manually having to update each deployment spec or Helm chart?