We are creating secrets for the DB and mounting them as a volume in the pod, but when we update them the pod is not refreshing to pick up the new changes, although the documentation says it does refresh automatically:
https://kubernetes.io/docs/concepts/configuration/secret/
Are we missing anything here? Does it require any specific logic on the code side?
Thanks in advance
Kubernetes does not itself support this feature at the moment, and there is a feature in the works (https://github.com/kubernetes/kubernetes/issues/22368).
You can use a custom solution to achieve the same; one of the popular ones is Reloader.
The doc you linked describes that the secret values inside the mounted volume will get updated when you update the Kubernetes Secret object. The application running inside the pod will need to re-read the secret after it is updated, though, and a new pod is not created on updating the secret itself.
Also, note that there can be some delay between the actual update of the secret and getting those values reflected in the volume.
As a result, the total delay from the moment when the Secret is updated to the moment when new keys are projected to the Pod can be as long as the kubelet sync period + cache propagation delay, where the cache propagation delay depends on the chosen cache type (it equals to watch propagation delay, ttl of cache, or zero correspondingly)
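Added example, not part of the original answers: a sketch of the "application re-reads the secret" step described above. It assumes the usual Secret volume layout, where each key is a symlink through a `..data` link that the kubelet repoints atomically. `MountedSecret`, `publish` (a constructed stand-in for the kubelet) and the sample key and values are hypothetical names made up for this illustration.

```python
import hashlib
import os
import tempfile


class MountedSecret:
    """One key of a mounted Secret volume, re-read on demand (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self._digest = None
        self.refresh()

    def refresh(self):
        """Re-read the file; return True only if its content changed."""
        # open() follows the symlink chain, so this always sees the current version.
        with open(self.path, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).digest()  # compare digests, never log the value
        if digest == self._digest:
            return False
        self._digest = digest
        self.value = data.decode("utf-8").rstrip("\n")
        return True


def publish(volume_dir, version, files):
    """Constructed stand-in for the kubelet: write a version dir, then swap ..data."""
    target = os.path.join(volume_dir, ".." + version)
    os.mkdir(target)
    for key, content in files.items():
        with open(os.path.join(target, key), "w") as fh:
            fh.write(content)
        if not os.path.islink(os.path.join(volume_dir, key)):
            os.symlink(os.path.join("..data", key), os.path.join(volume_dir, key))
    tmp = os.path.join(volume_dir, "..data_tmp")
    os.symlink(".." + version, tmp)
    # rename() is atomic, so a reader sees either the old or the new version.
    os.replace(tmp, os.path.join(volume_dir, "..data"))


def demo():
    """Simulate one rotation; return (initial, changed_before, changed_after, current)."""
    with tempfile.TemporaryDirectory() as vol:
        publish(vol, "v1", {"password": "old-pass"})  # constructed sample value
        secret = MountedSecret(os.path.join(vol, "password"))
        initial, before = secret.value, secret.refresh()
        publish(vol, "v2", {"password": "new-pass"})
        return initial, before, secret.refresh(), secret.value
```

In a real pod the application would call `refresh()` on a timer or before opening a new DB connection, and rebuild its connection pool when it returns `True`.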