How are you patching your Windows Docker nodes?

Hey all. My organization has rolled out Docker Swarm to containerize some of our applications, which only run on Windows. The infrastructure that’s been built out for our swarms is Linux manager nodes and Windows worker nodes. I’ve been tasked with figuring out how to patch the Windows Docker servers. Due to the nature of Docker requiring draining before bringing the server down, I think this is not as simple as tossing them into our standard patching window. We need some automation that will drain the nodes first, so as to not suddenly bring down any containers etc.

My question is: for those of you in a similar situation, how are you handling this? I’m working on building out Ansible playbooks that will drain nodes, run patching, and set them back to active, but wanted to check if there is a best practice to handle this already. I can’t imagine this is a rare scenario.

Thank you
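
The drain, patch, reactivate sequence described in the post, sketched as a script run on a Linux manager node (an added example, not part of the original post). The `patch_node` hook, its playbook name `patch-windows.yml` and the timeout values are assumptions; the hook is expected to install updates and reboot the Windows worker.

```shell
#!/usr/bin/env bash
# Added example: rolling drain -> patch -> reactivate for Swarm workers.
# Run on a manager node with the worker node names as arguments.
DRAIN_TIMEOUT=${DRAIN_TIMEOUT:-300}   # seconds to wait for tasks to stop
READY_TIMEOUT=${READY_TIMEOUT:-1800}  # seconds to wait for the node after reboot
POLL=${POLL:-5}

# Hypothetical patch hook: playbook name and inventory layout are assumptions.
patch_node() { ansible-playbook -l "$1" patch-windows.yml; }

# Tasks whose containers are still running on the node. After a drain the
# desired state flips to Shutdown at once, so check the current state instead.
running_tasks() {
  docker node ps "$1" --format '{{.CurrentState}}' | grep -c '^Running' || true
}

# Poll a condition command until it succeeds or the timeout expires.
wait_for() {  # wait_for <timeout> <command...>
  local left=$1; shift
  until "$@"; do
    [ "$left" -le 0 ] && return 1
    sleep "$POLL"; left=$((left - POLL))
  done
}

is_drained() { [ "$(running_tasks "$1")" -eq 0 ]; }
is_ready()   { [ "$(docker node inspect --format '{{.Status.State}}' "$1")" = ready ]; }

patch_one() {
  local node=$1
  docker node update --availability drain "$node" >/dev/null || return 1
  if ! wait_for "$DRAIN_TIMEOUT" is_drained "$node"; then
    echo "$node: tasks still running, reactivating unpatched" >&2
    docker node update --availability active "$node" >/dev/null
    return 1
  fi
  # On failure the node stays drained so no workload lands on a half-patched host.
  patch_node "$node" || { echo "$node: patching failed, left drained" >&2; return 1; }
  wait_for "$READY_TIMEOUT" is_ready "$node" || { echo "$node: not ready, left drained" >&2; return 1; }
  docker node update --availability active "$node" >/dev/null
}

# One node at a time; stop at the first failure so only one worker is ever out.
patch_nodes() {
  local node
  for node in "$@"; do patch_one "$node" || return 1; done
}

if [ "$#" -gt 0 ]; then patch_nodes "$@"; fi
```

The rollout stops at the first node that fails to drain, patch or rejoin, so a bad update takes at most one worker out of the swarm.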