What is the correct way to access the K8S dashboard?

As far as I know, You would not want to expose your k8s dashboard to external world Since It's a graphical way to get access to your k8s cluster that's why the service type of k8s-dashboard is clusterIP instead of LoadBalancer or NodePort( Minikube uses it).

Now If you want to access the dashboard without exposing it to the external world.There are 2 ways which you have described in the question.

• Kubectl proxy (It create HTTP proxy to kube-api Server)
• Kubectl port-forward (it create TCP proxy to k8s-dashboard pod)

As no time to test the suggestion by Suresh, used below for now.

Get the kubernetes-dashboard service account token (given cluster-admin role).

$ kubectl get secret -n kube-system | grep kubernetes-dashboardkubernetes-dashboard-token-42b78                 kubernetes.io/service-account-token   3         1h$ kubectl describe secret kubernetes-dashboard-token-42b78 -n kube-systemName:         kubernetes-dashboard-token-42b78Namespace:    kube-systemLabels:       <none>Annotations:  kubernetes.io/service-account.name=kubernetes-dashboard              kubernetes.io/service-account.uid=36347792-ecdf-11e7-9ca8-06bb783bb15cType:  kubernetes.io/service-account-tokenData====ca.crt:     1025 bytesnamespace:  11 bytestoken:    <TOKEN>

Start SSH tunnel.

ssh -L localhost:8001:172.31.4.117:6443 centos@<K8SServer>

Use Chrome ModHeader extension to send the Bearer token.

Access the API server endpoint via SSH tunnel (local port 8001).

https://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

For those stuck with a status-code 403 and coredns- containers stuck during creation, try installing a pod network add-on for your cluster:

Calico for example:

kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml

source: https://kubernetes.io/fr/docs/setup/independent/create-cluster-kubeadm/