Cannot configure GRPC TLS minimum version

[or-shachar]

Report

• We uses always TLS 1.3 as minimum TLS version for grpc client.
• When compiling in FIPS mode (Boringcrpyto with limited approved TLS versions) and Go 1.23, this causes runtime issue: no supported versions satisfy MinVersion and MaxVersion

For http client we allow setting the min TLS version with KEDA_HTTP_MIN_TLS_VERSION. Not sure why we don't allow configuring the value for grpc client as well.

Expected Behavior

• It would be nice if we could control the min TLS version for grpc client.
• Not sure if through the same env variable (KEDA_HTTP_MIN_TLS_VERSION) or introduce a different one.

Actual Behavior

For grpc client - the min tls version is hardcoded to 1.3.

Steps to Reproduce the Problem

If you want to see FIPS issue:

1. Compile with go 1.23.2 with GOEXPERIMENT=boringcrypto
2. Run the services in cluster
3. You'll see this in the metrics adapter:

W1024 18:24:27.886000       1 logging.go:55] [core] [Channel #1 SubChannel #53]grpc: addrConn.createTransport failed to connect to {Addr: "172.20.74.146:9666", ServerName: "keda-operator.keda.svc.cluster.local:9666", }. Err: connection error: desc = "transport: authentication handshake failed: tls: no supported versions satisfy MinVersion and MaxVersion"

KEDA Version

2.15.0

Kubernetes Version

1.30

Platform

Any

Scaler Details

No response

Anything else?

In Go main branch they approved TLS 1.3 for FIPS but in 1.23.2 it's still not there.

[JorTurFer]

I think that it's a good feature supporting a configuration for the min TLS version for GRPC. are you willing to open a PR?

[zroubalik]

Yeah, a separate ENV variable would make sense here

[or-shachar]

I'll open a PR

[or-shachar]

@JorTurFer would appreciate your feedback on the PR. If that's good to go - I'll open chart nad docs PRs as well.