ESXi host logs are flooded with "transport: authentication handshake failed: x509: certificate specifies an incompatible key usage" in clusterAgent.log

Article ID: 429309

Products

VMware vSphere ESXi 8.0

Issue/Introduction

ESXi hosts may experience excessive logging within /var/run/log/clusterAgent.log or /var/run/log/clusterAgent.stderr.
This log spam can grow rapidly, potentially filling the RAMdisk or OSDATA partition, leading to host management instability.

The logs typically contain the following error:

WARN grpc: addrConn.createTransport failed to connect to {<IP>:xxxx...}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate specifies an incompatible key usage". Reconnecting...

Environment

VMware vSphere ESXi: 7.x and 8.x

Cause

The clusterAgent service is a default component in ESXi 7.x and 8.x used for Tanzu/Supervisor Cluster management. The service attempts to establish a secure connection to a local API endpoint.
If the ESXi host certificates do not contain the specific Server Authentication Extended Key Usage (EKU) attributes, the Go-based agent fails the TLS handshake.

Even if Tanzu is not in use, the service may remain active in a "reconnect loop," generating continuous log entries as it attempts to initialize.

Resolution

In environments where vSphere with Tanzu is not utilized, the clusterAgent service can be safely stopped and disabled to prevent log exhaustion.

  1. Log in to the affected ESXi host via SSH.

  2. Stop the clusterAgent service:

       /etc/init.d/clusterAgent stop

  3. Disable the service from starting automatically on boot:

       chkconfig clusterAgent off

  4. Reclaim disk space by clearing the existing log files:

       echo > /var/run/log/clusterAgent.log
       echo > /var/run/log/clusterAgent.stderr

Additional Information

Note on Service Name: Depending on the ESXi version, the service name in /etc/init.d/ may appear as clusterAgent or cluster-agent.

Japanese version of this KB: https://knowledge.broadcom.com/external/article/434151