Yes, you can combine both. We merge the settings you specify in the config section with the settings we derive from the elasticsearchRef
apiVersion: kibana.k8s.elastic.co/v1alpha1
kind: Kibana
metadata:
name: kibana-sample
spec:
version: 7.4.0
nodeCount: 1
config:
elasticsearch.requestHeadersWhitelist:
- authorization # or whatever you want here
elasticsearchRef:
name: "elasticsearch-sample"
In this example ECK takes care of the username, password, Elasticsearch URL and certificate authority setup but you can set a custom request header whitelist.