Hi Daniel,
I’ll let you know how I’ve done it so far… basically I keep it pretty simply and… every once in a while I’ll do the following two commands while my juju status points to a certain model I want to update
juju run --all -- sudo apt update
then if there’s updates it’s simply
juju run --all -- sudo apt upgrade -y
I’ll be straight forward though, this stuff is pretty much experimental servers in my own LXD cluster… and sometimes in AWS… both have handled this pretty well… and from time to time I’ll juju ssh into the nodes to see if I need to restart any for upgrades to take effect… but I am sure there are more programmatic ways others might share