You are preparing to deploy a microservices application on Google Kubernetes Engine (GKE) that will undergo daily updates. With a large number of distinct containers running on the Linux operating system (OS), you aim to stay informed about any known OS vulnerabilities in the new containers. Prioritizing Google's recommended best practices, what is the most suitable approach for achieving this?