user permissions needed for token access to kubernetes dashboard with RBAC

I couldn't find a different way other than providing some access to kube-system, so I did using the following role and binding:

kind: RoleapiVersion: rbac.authorization.k8s.io/v1beta1metadata:  namespace: kube-system  name: user-role-dashboardrules:  - apiGroups: [""]    resources:      - services    verbs: ["get", "list", "watch"]  - apiGroups: [""]    resources:      - services/proxy    verbs: ["get", "list", "watch", "create"]---kind: RoleBindingapiVersion: rbac.authorization.k8s.io/v1beta1metadata:  namespace: kube-system  name: user-binding-dashboardsubjects:- kind: User  name: system:serviceaccount:<namespace>:<username>  apiGroup: ""roleRef:  kind: Role  name: user-role-dashboard  apiGroup: ""

Would still like to know whether there is a better way though, your thoughts and suggestions are welcome!

I have the same situation and found my answer in this post: Kubernetes Dashboard Installation Deep Dive. It worked perfectly.

The idea is to create a PKCS #12 file from the kubernetes-admin user's certificate and key. Import this into your browser, then access the dashboard through the API server (I did not use a proxy). Note that SKIP will not grant any access. Login using the bearer token as normal, and the dashboard rights are restricted by the user's token.