after reading this it was not clear to me.
##Option 2 - Kibana customHeaders
This solution is very similar to Option 1. Using the
elasticsearch.customHeaders setting in the kibana.yml you can pass the same Basic Auth headers to Elasticsearch on every request. However, you'll have to disable X-Pack Security in Kibana for this option to work.
This solution doesn't require a reverse proxy; however, you will be forced to use Kibana as the same user, and disable X-Pack Security.