In fact it should be very easy if you have access to the dockerfile that generates the image. Just append upgrade commands, if not there already, then run "docker build" on it and you have a fresh updated image. You may have to troubleshoot some compatibility problems from time to time, but it should be easy as you have the output of docker build to guide you. My node is a debian 12 server and all the services are running in docker, with custom images generated as described.

Then you have the option, in the image generation process to choose if you want to use pre compiled versions of the applications or to compile it everytime for most trustless option.