diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index bfa4c20517..a0ab95a8a9 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -210,6 +210,13 @@ haproxy_enable_external_vip: "{{ 'no' if kolla_external_vip_address == kolla_int
 kolla_enable_tls_external: "no"
 kolla_external_fqdn_cert: "{{ node_config_directory }}/certificates/haproxy.pem"
 
+
+####################
+# Kibana options
+####################
+kibana_user: "kibana"
+
+
 #################################
 # Cinder - Block Storage options
 #################################
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
index 542d862473..aa808ee536 100644
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -374,8 +374,14 @@ listen radosgw_external
 {% endif %}
 
 {% if enable_central_logging | bool %}
+
+userlist kibanauser
+  user {{ kibana_user }} insecure-password {{ kibana_password }}
+
 listen kibana
   bind {{ kolla_internal_vip_address }}:{{ kibana_server_port }}
+  acl auth_acl http_auth(kibanauser)
+  http-request auth realm basicauth unless auth_acl
 {% for host in groups['kibana'] %}
   server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ kibana_server_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml
index a792117398..12b2d6bf5e 100644
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@@ -76,3 +76,8 @@ rabbitmq_cluster_cookie:
 ####################
 haproxy_password:
 keepalived_password:
+
+####################
+# Kibana options
+####################
+kibana_password: