I am using Compute Engine and VPC Networks in Google Cloud Platform.
I have a "classic" frontend-backend server setup inside Google Cloud with two VPC Networks which are connected through VPC-Peering (for another purpose, validator for a blockchain).
The frontend consists of a few full nodes. Full nodes are accessible, access other full nodes on the internet, and contain the current state and history of the blockchain. They are inside a VPC with different subnets in different regions. They all have a local and a public IPv4 address.
The backend consists of one server, a validator, that can only communicate with my full nodes. It is also inside a VPC but has only a local IPv4 address. Both VPCs are connected through what Google Cloud calls "VPC-Peering". They can communicate with each other.
My question now is: What would be the best way to keep the validator, which has only a local IP address, up to date with security updates etc.?
Is there something like a best practice?
The only option I currently have in mind is to set up my own Debian mirror in the full nodes' VPC network, which might be too cost intensive.