Draining is easy. Your health check should be hitting a URL like '/ping' anyway, which responds with an OK if the box is in a reasonable state and willing to serve traffic.
I always add an additional check to see if a file called /tmp/down exists, and if it does, return a 500 for the health checks. Existing clients will continue to be served but that instance will get no new connections.
https://forums.aws.amazon.com/thread.jspa?threadID=61278&sta...
^-- BenF@AWS commented on June 10th saying that Amazon is now actively working on it!
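
An added example, not part of the comment above: a minimal /ping handler that returns 500 while the drain flag /tmp/down exists. The owner and symlink checks, the response bodies, and the bind address and port are assumptions added here, since /tmp is writable by every local account.

```python
import os
import stat
from http.server import BaseHTTPRequestHandler, HTTPServer

DRAIN_FLAG = "/tmp/down"  # flag path named in the comment above


def drain_requested(path=DRAIN_FLAG, trusted_uids=(0, os.geteuid())):
    """Return True only for a regular file owned by a trusted uid.

    /tmp is world-writable, so the owner check (an assumption added here)
    stops another local account from draining the instance.
    """
    try:
        st = os.lstat(path)  # lstat: do not follow symlinks
    except FileNotFoundError:
        return False
    return stat.S_ISREG(st.st_mode) and st.st_uid in trusted_uids


def health_status(path=DRAIN_FLAG):
    """Map the drain flag to the (status, body) the load balancer sees."""
    if drain_requested(path):
        return 500, "draining"
    return 200, "OK"


class PingHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/ping":
            self.send_error(404)
            return
        code, body = health_status()
        payload = body.encode()
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # Constructed bind address and port; point the health check at /ping.
    HTTPServer(("127.0.0.1", 8080), PingHandler).serve_forever()
```

Creating the flag as root or as the service account starts the drain; removing it puts the instance back in rotation on the next passing health check.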