1.

Does the container restart when applying/updating the secret object (kubectl apply -f mysecret.yml)? If not, how is the new password applied to the database?

Answer»

If you mount the secret as a volume in your pod, the content is updated in the pod when the secret is updated, without the pod restarting. It's up to your application to detect that change and reload, or to write your own logic that rolls the pods if the secret changes. `volumeMounts` controls what part of the secret volume is mounted into a particular container (defaults to the root, containing all those files, but can point to a specific file using `subPath`), and where in the container it should be mounted with `mountPath`. An example spec is below.

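```yaml
# Container level: where the secret volume appears inside the container
volumeMounts:
- name: server-cert          # must match the volume name below
  mountPath: /certs/server
  readOnly: true
# Pod level: the volume backed by the Secret object
volumes:
- name: server-cert
  secret:
    secretName: mysecret
```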

It also depends on how the container consumes the secret. If the secret is mounted as a volume, the file is updated dynamically in the container, ready to be consumed by the service, but the service needs to reload the file; the container does not restart. If the secret is consumed as an environment variable, it stays at the old value until the container is restarted.
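One way an application can detect the updated file and reload, shown as an added example that is not part of the original answer. The class and function names, the key name `password`, and the temporary directory standing in for the mount (in a pod the path would sit under the `mountPath`) are assumptions; the update is simulated with the same kind of `..data` symlink swap the kubelet uses.

```python
import hashlib
import os
import tempfile

class SecretFileWatcher:
    """Polls one file of a mounted Secret volume and reports content changes."""

    def __init__(self, path, on_change):
        self.path = path
        self.on_change = on_change
        self._digest = hashlib.sha256(self._read()).hexdigest()

    def _read(self):
        # Re-open by path each poll: the update is a symlink swap, so a kept handle stays stale.
        with open(self.path, "rb") as fh:
            return fh.read()

    def poll(self):
        """Call on_change(new_bytes) and return True if the content changed."""
        data = self._read()
        digest = hashlib.sha256(data).hexdigest()
        if digest == self._digest:
            return False
        self._digest = digest
        self.on_change(data)
        return True

def simulate_secret_update(mount_dir, key, value, version):
    """Constructed stand-in for the kubelet: new versioned dir, then repoint ..data."""
    version_dir = "..v%d" % version
    os.mkdir(os.path.join(mount_dir, version_dir))
    with open(os.path.join(mount_dir, version_dir, key), "wb") as fh:
        fh.write(value)
    tmp_link = os.path.join(mount_dir, "..data_tmp")
    os.symlink(version_dir, tmp_link)
    os.replace(tmp_link, os.path.join(mount_dir, "..data"))  # atomic swap
    if not os.path.islink(os.path.join(mount_dir, key)):
        os.symlink(os.path.join("..data", key), os.path.join(mount_dir, key))

def demo():
    """One update cycle in a temp directory; returns what the application saw."""
    seen = []
    with tempfile.TemporaryDirectory() as mount_dir:
        simulate_secret_update(mount_dir, "password", b"old-pass", 1)
        watcher = SecretFileWatcher(os.path.join(mount_dir, "password"), seen.append)
        before = watcher.poll()   # nothing changed yet
        simulate_secret_update(mount_dir, "password", b"new-pass", 2)
        after = watcher.poll()    # picks up the rotated value
    return before, after, seen
```

In a real service, `on_change` would be the hook that reopens the database connection with the new password, and `poll()` would run on a timer.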


