What is the correct way to access the K8S dashboard?
As far as I know, you would not want to expose your k8s dashboard to the external world, since it's a graphical way to get access to your k8s cluster. That's why the service type of k8s-dashboard is ClusterIP instead of LoadBalancer or NodePort (Minikube uses it).
Now, if you want to access the dashboard without exposing it to the external world, there are 2 ways, which you have described in the question.
- kubectl proxy (it creates an HTTP proxy to the kube-api server)
- kubectl port-forward (it creates a TCP proxy to the k8s-dashboard pod)
As I had no time to test the suggestion by Suresh, I used the below for now.
Get the kubernetes-dashboard service account token (given cluster-admin role).
```
$ kubectl get secret -n kube-system | grep kubernetes-dashboard
kubernetes-dashboard-token-42b78 kubernetes.io/service-account-token 3 1h
$ kubectl describe secret kubernetes-dashboard-token-42b78 -n kube-system
Name: kubernetes-dashboard-token-42b78
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=kubernetes-dashboard
             kubernetes.io/service-account.uid=36347792-ecdf-11e7-9ca8-06bb783bb15c
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: <TOKEN>
```
Start the SSH tunnel.
```
ssh -L localhost:8001:172.31.4.117:6443 centos@<K8SServer>
```
Use the Chrome ModHeader extension to send the Bearer token.
Access the API server endpoint via the SSH tunnel (local port 8001).
```
https://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
```
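An added example, not part of the answers above: the token used here belongs to a service account that was given the cluster-admin role, so it is worth knowing which service accounts hold that role. This Python check reads the JSON printed by `kubectl get clusterrolebindings -o json` and lists them; the sample input and the function name are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get clusterrolebindings -o json` output.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "all-kube-system-sas"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:serviceaccounts:kube-system"}]},
    {"metadata": {"name": "view-only"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "reporter",
                   "namespace": "default"}]},
    {"metadata": {"name": "no-subjects"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
]})

SA_GROUP = "system:serviceaccounts"  # built-in group covering service accounts


def cluster_admin_service_accounts(doc, role="cluster-admin"):
    """Return sorted (namespace, name, binding) tuples for service accounts
    bound to `role`. A name of "*" means every account in that namespace
    (or in all namespaces when the namespace is "*" too)."""
    data = json.loads(doc)
    found = set()
    for binding in data.get("items", [data]):  # accept a List or one object
        ref = binding.get("roleRef") or {}
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        bname = binding.get("metadata", {}).get("name", "")
        for subj in binding.get("subjects") or []:  # subjects may be null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                found.add((subj.get("namespace", ""), name, bname))
            elif kind == "Group" and name.split(":")[:2] == SA_GROUP.split(":"):
                found.add((name.partition(SA_GROUP + ":")[2] or "*", "*", bname))
    return sorted(found)


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ns, name, bname in cluster_admin_service_accounts(text):
        print(f"{ns}/{name} has cluster-admin via ClusterRoleBinding {bname}")
```

Pipe the real `kubectl` output into the script to check a live cluster; run with no input it uses the constructed sample.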