Is there complete documentation which explains if and how OS critical security updates are applied for the following IaaS/PaaS?
In which cases is the GCP team taking care of these updates, and in which cases should we take care of them?
For example, in the case of a GCE VM (Debian OS), the documentation seems to indicate that no patches are applied at all and no reboots are done.
What are people doing to keep GCE or other VMs up to date with critical security updates if this is not managed by GCP? Does just restarting the VM do the trick? Is there some special parameter to set in the YAML template of the VM? I guess for GKE or AI notebook instances, this is managed by GCP since this is PaaS, right? Are there some third-party tools to do that?
Thanks for the clarifications.
As John mentioned, for GCE VM instances, you are responsible for all package updates, and they are handled like in any other system:
Linux: sudo apt/yum update/upgrade
Windows: Windows update
There are some internal tools in each GCE image that could help you to automatically update your system:
As for GKE, I think this is done when you upgrade your cluster version: the version of the master is upgraded automatically (since it is Google managed), but the nodes should be done by you. The node update can be automated; please see the second link below for more information.
Please check the following links for more details on how the Upgrade process works in GKE:
Upgrading your cluster
GKE Versioning and upgrades
As for "VM on which is running AI Platform notebook", I don't understand what you mean by this. Could you provide more details?
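An added example, not part of the original question or answer: a check a VM owner could run on a Debian-based GCE guest to see which pending upgrades come from a security suite and whether an already-installed update still awaits a reboot. The function names, the `-security` suite-name match and the sample `apt list --upgradable` lines are assumptions made for illustration; the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumptions: Debian/Ubuntu
# guest, security suite name contains "-security", and the reboot marker is
# /var/run/reboot-required (the file unattended-upgrades checks).

# Read `apt list --upgradable` style lines on stdin and print the names of
# packages whose candidate version comes from a *-security suite.
security_pending() {
    awk -F'[/ ]' '/\[upgradable from: / && $2 ~ /-security/ { print $1 }'
}

# Succeed if the reboot marker exists. $1 overrides the path for testing.
reboot_needed() {
    [ -f "${1:-/var/run/reboot-required}" ]
}

# $1 = text of `apt list --upgradable`, $2 = optional marker path.
# Prints "patch:N" (N security upgrades not installed yet), "reboot"
# (nothing pending, but an installed update needs a restart) or "ok".
patch_status() {
    n=$(printf '%s\n' "$1" | security_pending | wc -l | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "patch:$n"
    elif reboot_needed "$2"; then
        echo "reboot"
    else
        echo "ok"
    fi
}

# Constructed sample output, so the script runs offline.
SAMPLE='Listing...
openssl/bookworm-security 3.0.11-1~deb12u2 amd64 [upgradable from: 3.0.11-1~deb12u1]
libssl3/bookworm-security 3.0.11-1~deb12u2 amd64 [upgradable from: 3.0.11-1~deb12u1]
vim/bookworm 2:9.0.1378-2 amd64 [upgradable from: 2:9.0.1378-1]'

patch_status "$SAMPLE" /nonexistent/marker

# On a real VM, after `sudo apt update`:
#   patch_status "$(apt list --upgradable 2>/dev/null)"
```

A "patch:N" result means the packages still have to be installed with the usual upgrade command; "reboot" means the packages are on disk but the running kernel or libraries predate them.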