Networking & Validation

Configure domain and load balanacer healthcheck rules to make services available to the open internet.

Domain Mapping

The ingress and internal networking information for a service.

DomainThe domain at which service will serve requests. Multiple domains are supported using comma separated values, e.g.,,
Internal portThe internal port the Docker container has been configured to listen on. This is often defined in the Dockerfile as the EXPOSE command.

Automatic DNS validation

When creating and updating services configured with domain mappings, MedStack Control automatically checks that domains resolve to the IP address of the cluster Manager node.

Safer deployments

It is not possible to create or update services with DNS resolution issues. If a DNS resolution error is detected when creating or updating a service, an error will indicate the issue on the domain input box.

When this happens, the service cannot be created or updated until:

  • The unresolved domains are resolved, or;
  • The unresolved domains are removed from the service configuration

Maintenance notifications

When a service's domain configuration fails to successfully resolve the DNS mapping to the cluster Manager node, a maintenance event is triggered and requires resolution. This can be observed in three locations:

  1. Node maintenance – a maintenance action will appear on the Manager node when DNS resolution issues are detected.
  2. Email maintenance alert – in addition to the node maintenance, notification list recipients will receive an email notice of the DNS resolution issues.
  3. Services table – services with DNS resolution issues are detected and indicated by the ⚠️ Inspect state in the "Active Domains" column.

Load Balancer Healthchecks

Load balancer healthcheck parameters can be configured to improve the availability of Docker services and decrease the disruption to application clients when creating and updating services.

These kinds of healthchecks allow the load balancer to determine if a container is suitable for receiving traffic. The healthcheck will deem a container suitable for receiving traffic if the path responds with a 2xx or 3xx HTTP response code. You can learn more about Traefik healthchecks.

If all containers for a service fail their healthchecks, the load balancer will return a 503: Service Unavailable for any inbound traffic to the service.


Enabling a healthcheck

A healthcheck can be enabled by inputting a value into the "Path" field. The path is the only required field when configuring a load balancer healthcheck as the interval and timeout defaults will be assumed unless configured otherwise.

PathDefines the server URL path for the health check endpoint.
(i.e., /my-healthcheck-endpoint)
Interval (seconds)Defines the frequency of the healthcheck calls.
(default: 30s)
Timeout (seconds)Defines the maximum duration the load balancer will wait for a healthcheck request before considering the container unsuitable for receiving traffic.
(default: 5s)