diff --git a/pkg/server/egressselector/egress_selector.go b/pkg/server/egressselector/egress_selector.go
index 1115c66d7..3f7bd4ad5 100644
--- a/pkg/server/egressselector/egress_selector.go
+++ b/pkg/server/egressselector/egress_selector.go
@@ -30,6 +30,7 @@ import (
 	"time"
 
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apiserver/pkg/apis/apiserver"
@@ -214,7 +215,8 @@ func (u *udsGRPCConnector) connect(_ context.Context) (proxier, error) {
 	// we cannot use ctx just for dialing and control the connection lifetime separately.
 	// See https://github.com/kubernetes-sigs/apiserver-network-proxy/issues/357.
 	tunnelCtx := context.TODO()
-	tunnel, err := client.CreateSingleUseGrpcTunnel(tunnelCtx, udsName, dialOption, grpc.WithInsecure())
+	tunnel, err := client.CreateSingleUseGrpcTunnel(tunnelCtx, udsName, dialOption,
+		grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/storage/value/encrypt/envelope/grpc_service.go b/pkg/storage/value/encrypt/envelope/grpc_service.go
index 7aa5d232f..3013bfa01 100644
--- a/pkg/storage/value/encrypt/envelope/grpc_service.go
+++ b/pkg/storage/value/encrypt/envelope/grpc_service.go
@@ -29,6 +29,7 @@ import (
 	"k8s.io/klog/v2"
 
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 
 	kmsapi "k8s.io/apiserver/pkg/storage/value/encrypt/envelope/v1beta1"
 )
@@ -64,7 +65,7 @@ func NewGRPCService(endpoint string, callTimeout time.Duration) (Service, error)
 	s := &gRPCService{callTimeout: callTimeout}
 	s.connection, err = grpc.Dial(
 		addr,
-		grpc.WithInsecure(),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
 		grpc.WithUnaryInterceptor(s.interceptor),
 		grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
 		grpc.WithContextDialer(