Docker HEALTHCHECK Does Not Actually Do Anything without an Orchestrator

I was setting up a Docker image for a web server the other day when I discovered that Docker has a HEALTHCHECK instruction. From a cursory glance, it seems like a straightforward way to detect that a container has stopped working properly even though its main process is still alive (for example, it is stuck in an infinite loop or deadlocked and no longer answers requests). The instruction runs a command inside the container on an interval, and a non-zero exit status counts as a failed check:
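The post's own Dockerfile snippet is not on this page. What follows is an added example, not the author's code, of what the check can look like for a Python-based web server image: slim Python images usually ship without curl or wget, so the probe itself is a small Python script. The `/healthz` endpoint, the `ok` marker, the port and the HEALTHCHECK timings are all assumptions.

```python
"""HEALTHCHECK probe for a Python web-server image (added example, not the post's snippet).

Docker runs the HEALTHCHECK command inside the container and looks only at its
exit status: 0 means healthy, 1 means unhealthy (2 is reserved). The Dockerfile
wiring, with the endpoint, script path and timings all being assumptions:

    HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD ["python", "/app/healthcheck.py"]
"""
import sys
import urllib.error
import urllib.request

HEALTH_URL = "http://127.0.0.1:8000/healthz"  # assumption: the server exposes this endpoint
EXPECTED_BODY = b"ok"                          # assumption: it answers with a body containing "ok"
TIMEOUT = 3                                    # below --timeout so we, not Docker, report the failure


def http_get(url, timeout):
    """Default transport: (status, body). Raises on refused connections and hangs."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read()


def classify(status, body, expected=EXPECTED_BODY):
    """Healthy only for a 2xx answer carrying the marker: a 5xx, a redirect to a
    login page, or an empty body from a half-dead worker all count as unhealthy."""
    return 200 <= status < 300 and expected in body


def probe(url=HEALTH_URL, timeout=TIMEOUT, transport=http_get):
    """Exit code for Docker. Every failure collapses to 1: connection refused
    (listener gone but PID 1 alive), an HTTP error, or a hang longer than
    `timeout` (the event loop is wedged, which is exactly the case a plain
    process check cannot see)."""
    try:
        status, body = transport(url, timeout)
    except urllib.error.HTTPError as err:   # 4xx/5xx: urlopen raises instead of returning
        status, body = err.code, b""
    except (OSError, ValueError):           # URLError, socket timeout, malformed URL
        return 1
    return 0 if classify(status, body) else 1


# Constructed offline transport so the probe's decisions can be checked without a server.
# (It returns 503 as a plain tuple; the real urlopen raises HTTPError for it. Both paths give exit 1.)
def fake_transport(url, timeout):
    outcomes = {
        "http://fake/up": (200, b"ok"),
        "http://fake/degraded": (503, b"db unavailable"),
        "http://fake/empty": (200, b""),
    }
    if url == "http://fake/down":
        raise ConnectionRefusedError("listener gone")
    if url == "http://fake/hung":
        raise TimeoutError(f"no answer within {timeout}s")
    return outcomes[url]


if __name__ == "__main__":
    sys.exit(probe())
```

Keeping the probe's own timeout below `--timeout` matters: if the probe is the thing that gets killed by Docker, the failure reason never makes it into `docker inspect`, whereas a probe that gives up on its own can log why before exiting 1.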

I intuitively expected Docker to kill and restart the container if it's unhealthy. However, to my disappointment, Docker doesn't do anything when the command fails. After `--retries` consecutive failures (three by default) it simply flips the container's status to "unhealthy", which you can see in `docker ps` or in `.State.Health.Status` from `docker inspect`, and emits a `health_status: unhealthy` event. The container keeps running, and nothing else happens.

Okay, now what?

It turns out that you need something else if you want automatic restarts. Docker Swarm does act on the HEALTHCHECK status and replaces unhealthy tasks. Kubernetes, on the other hand, ignores the Dockerfile HEALTHCHECK entirely and relies on its own liveness and readiness probes, so you would have to redeclare the check there. Docker Compose does not restart unhealthy containers either, although it can at least gate `depends_on` on `condition: service_healthy`. I think this is a bad separation of concerns considering that Docker already restarts containers when the main process fails. Why not just add a flag that treats unhealthy containers as failed containers, so that they can make use of the built-in restart policies?

Since full-blown orchestrators are complete overkill for my use case, as I only needed to run a single container on a single machine, I decided to write a very basic Python script that uses the Docker Engine REST API (served over the Unix socket at `/var/run/docker.sock`) to monitor my other containers and restart the ones whose health status is `unhealthy`:
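The original script is not on this page. The following is an added example of the same idea, not the author's code: it speaks to the Engine over the Unix socket with only the standard library, lets the daemon do the filtering via the `filters` parameter of `GET /containers/json`, and restarts only containers that opt in with a label, because anyone holding the socket is effectively root on the host and the monitor should be able to do as little as possible. The label name, poll interval and API version prefix are assumptions; the fake Engine at the bottom is constructed so the loop can be exercised offline.

```python
"""Restart-unhealthy loop over the Docker Engine API (added example, not the post's script).

Talks to the Engine through /var/run/docker.sock with only the standard library
and restarts just the containers that opt in with a label: the socket is
effectively root on the host, so the monitor should be able to do as little as
possible. The label name, poll interval and API version prefix are assumptions.
"""
import http.client
import json
import socket
import sys
import time
import urllib.parse

SOCKET_PATH = "/var/run/docker.sock"
API_PREFIX = "/v1.41"          # assumption: Engine 20.10 or newer (unversioned paths also work)
WATCH_LABEL = "autoheal=true"  # assumption: only containers carrying this label are touched
POLL_SECONDS = 30


class UnixSocketConnection(http.client.HTTPConnection):
    """http.client over a Unix domain socket instead of TCP."""

    def __init__(self, path, timeout=10):
        super().__init__("localhost", timeout=timeout)
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.unix_path)


def socket_send(method, path):
    """Real transport: one request to the daemon, returning (status, body bytes)."""
    conn = UnixSocketConnection(SOCKET_PATH)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()


def list_unhealthy(send, label=WATCH_LABEL):
    """GET /containers/json with the daemon-side `filters` parameter, so the Engine
    does the health and label selection rather than us pulling every container."""
    filters = {"health": ["unhealthy"]}
    if label:
        filters["label"] = [label]
    query = urllib.parse.urlencode({"filters": json.dumps(filters)})
    status, body = send("GET", f"{API_PREFIX}/containers/json?{query}")
    if status != 200:
        raise RuntimeError(f"container list failed: HTTP {status} {body[:200]!r}")
    return [c["Id"] for c in json.loads(body)]


def restart_container(send, container_id, grace_seconds=10):
    """POST /containers/{id}/restart; `t` is the grace period before SIGKILL. 204 on success."""
    status, _ = send("POST", f"{API_PREFIX}/containers/{container_id}/restart?t={grace_seconds}")
    return status == 204


def heal_once(send, label=WATCH_LABEL):
    """One pass: restart every unhealthy container that carries the label; return their ids."""
    return [cid for cid in list_unhealthy(send, label) if restart_container(send, cid)]


# Constructed stand-in for the Engine API so the loop can be exercised offline.
FAKE_CONTAINERS = [
    {"Id": "aaa111", "Names": ["/web"],   "Labels": {"autoheal": "true"}, "health": "unhealthy"},
    {"Id": "bbb222", "Names": ["/db"],    "Labels": {"autoheal": "true"}, "health": "healthy"},
    {"Id": "ccc333", "Names": ["/cache"], "Labels": {},                   "health": "unhealthy"},  # no opt-in: leave alone
]
FAKE_RESTARTS = []


def matches_label(container, wanted):
    """Engine label-filter semantics: 'key' matches any value, 'key=value' an exact one."""
    key, _, value = wanted.partition("=")
    labels = container["Labels"]
    return key in labels and (not value or labels[key] == value)


def fake_send(method, path):
    """Answers the two endpoints the monitor uses, honouring the filters it sends."""
    url = urllib.parse.urlsplit(path)
    if method == "GET" and url.path == f"{API_PREFIX}/containers/json":
        filters = json.loads(urllib.parse.parse_qs(url.query)["filters"][0])
        hits = [{"Id": c["Id"], "Names": c["Names"]} for c in FAKE_CONTAINERS
                if c["health"] in filters.get("health", [c["health"]])
                and all(matches_label(c, want) for want in filters.get("label", []))]
        return 200, json.dumps(hits).encode()
    if method == "POST" and url.path.endswith("/restart"):
        FAKE_RESTARTS.append(url.path.split("/")[-2])
        return 204, b""
    return 404, b"not found"


if __name__ == "__main__":
    # Against the real daemon: run this in a container with the socket bind-mounted.
    while True:
        try:
            for cid in heal_once(socket_send):
                print(f"restarted unhealthy container {cid[:12]}", file=sys.stderr)
        except (OSError, RuntimeError) as err:
            print(f"monitor error: {err}", file=sys.stderr)
        time.sleep(POLL_SECONDS)
```

The label filter is the important design choice: without it, a bug in the monitor (or anyone who manages to drive it) can bounce every container on the host, including the monitor itself. Polling is deliberate too; `GET /events` with a `health_status` filter would react faster, but a poll loop is harder to get stuck and simpler to reason about for a single machine.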

I then put this Python script inside its own container and mount the Docker socket into it. One thing to keep in mind before doing the same: whoever can talk to that socket effectively has root on the host, since the API lets you start a privileged container with the host filesystem mounted. Bind-mounting the socket read-only does not help, because that only restricts filesystem operations on the socket file, not the API calls made through it. So keep the monitor tiny and reviewable, have it restart only containers that explicitly opt in with a label, and consider putting a filtering proxy such as `tecnativa/docker-socket-proxy` in front of the socket (allowing only the `containers` endpoints) or simply running the script on the host under systemd instead of in a container. The community `willfarrell/autoheal` image does the same job if you would rather not maintain your own.

Overall, this was a frustrating experience of discovering something that intuitively should exist but, for whatever reason, doesn't.