---
title: A GKE Cluster's Kubelet should rotate client certificates automatically
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > A GKE Cluster's Kubelet should rotate
  client certificates automatically
---

# A GKE Cluster's Kubelet should rotate client certificates automatically
 
## Description{% #description %}

Client certificates should be rotated. This ensures there is no downtime due to expired certificates.

## Remediation{% #remediation %}

Choose a remediation method from below. For both steps, a restart of the Kubelet service is required.

### Kubelet config file{% #kubelet-config-file %}

1. Add the json below to this file: `/etc/kubernetes/kubelet/kubelet-config.json`

```json
"rotateCertificates": true
```

### Executable arguments{% #executable-arguments %}

```bash
--rotate-certificates=true
```