diff --git a/Dockerfile b/Dockerfile
index d003611..0d2e682 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,6 +11,8 @@ ENV KARP_SERVER_ID 10
 ENV KARP_PASSWORD RAnDoM_max16char
 ENV KARP_UPSCRIPT /etc/ucarp/vip-up-default.sh
 ENV KARP_DOWNSCRIPT /etc/ucarp/vip-down-default.sh
+ENV KARP_DISABLE_HEALTHCHECK=
+ENV KARP_HEALTHCHECK_URL=https://localhost:6443/livez
 ENV KARP_EXTRA_FLAGS=
 ENV KARP_DEBUG=
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 4cd5d8f..8ed7c00 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -2,9 +2,9 @@
 
 # cleanup when the container is stopped or ucarp exits
 cleanup () {
-  kill -USR2 $(pidof ucarp)
+  kill -USR2 "$(pidof ucarp)"
   sleep 1
-  $KARP_DOWNSCRIPT $KARP_INTERFACE $KARP_VIRTUAL_IP $KARP_SUBNET
+  $KARP_DOWNSCRIPT "$KARP_INTERFACE" "$KARP_VIRTUAL_IP" "$KARP_SUBNET"
 }
 trap "cleanup" SIGINT
 trap "cleanup" SIGTERM
@@ -27,6 +27,7 @@ fi
 
 # start up the service and put it into background
 /usr/sbin/ucarp \
+  --daemonize \
   --interface=${KARP_INTERFACE} \
   --srcip=${KARP_HOST_IP} \
   --vhid=${KARP_SERVER_ID} \
@@ -35,10 +36,27 @@ fi
   --upscript=${KARP_UPSCRIPT} \
   --downscript=${KARP_DOWNSCRIPT} \
   --xparam=${KARP_SUBNET} \
-  ${KARP_EXTRA_FLAGS} &
+  ${KARP_EXTRA_FLAGS}
 
-# wait for the last process sent to background to finish (ucarp)
-wait $!
+demote_ucarp() {
+  kill -USR2 "$(pidof ucarp)"
+  sleep 1
+  $KARP_DOWNSCRIPT "$KARP_INTERFACE" "$KARP_VIRTUAL_IP" "$KARP_SUBNET"
+}
+
+do_healthcheck() {
+  [ "$(wget --no-check-certificate -q -O - "$KARP_HEALTHCHECK_URL")" = ok ]
+}
+
+# periodically check
+if [ "$KARP_DISABLE_HEALTHCHECK" = yes ]; then
+  sleep infinity
+else
+  while true; do
+    do_healthcheck || demote_ucarp
+    sleep 1
+  done
+fi
 
 # cleanup even if the process exits by itself
 # otherwise, the traps handle container stops initiated by the user