berachain · chuck-bear · Feb 17, 2026 · Copilot · Feb 17, 2026 · fridrik01
diff --git a/Dockerfile.debug b/Dockerfile.debug
@@ -18,6 +18,11 @@ COPY --from=planner /app/recipe.json recipe.json
 ARG BUILD_PROFILE=release
 ENV BUILD_PROFILE=$BUILD_PROFILE
 
+# Build flags for profiling-friendly binaries.
+# Defaults enable call-stack unwinding and symbol data for better eBPF flamegraphs.
+ARG RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0"
-# Defaults enable call-stack unwinding and symbol data for better eBPF flamegraphs.
-ARG RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0"
+# Override via --build-arg RUSTFLAGS="..." in profiling builds (default is empty).
+ARG RUSTFLAGS=""
-# Defaults enable call-stack unwinding and symbol data for better eBPF flamegraphs.
-ARG RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0"
+# Override via --build-arg RUSTFLAGS="..." in profiling builds (default is empty).
+ARG RUSTFLAGS=""
+ENV RUSTFLAGS=$RUSTFLAGS
+
 # Builds dependencies with debug profile (faster linking, keeps symbols)
 RUN cargo chef cook --profile $BUILD_PROFILE --recipe-path recipe.json
 
@@ -31,9 +36,20 @@ RUN cp /app/target/release/bera-reth /app/bera-reth
 # Use Ubuntu as the release image
 FROM ubuntu:24.04 AS runtime
 
-# Install runtime dependencies
+# Install runtime dependencies and eBPF observability tooling.
+# Note: eBPF tooling requires extra container privileges at runtime
+# (for example: --privileged, or CAP_BPF + CAP_PERFMON + CAP_SYS_ADMIN,
+# and usually --pid=host with host /sys mounted).
 RUN apt-get update && \
-    apt-get install -y ca-certificates libssl-dev && \
+    apt-get install -y \
+    ca-certificates \
+    libssl-dev \
+    linux-tools-common \
-    linux-tools-common \
+    linux-tools-common \
+    linux-tools-generic \
-    linux-tools-common \
+    linux-tools-common \
+    linux-tools-generic \
+    bpftrace \
+    bpfcc-tools \
+    procps \
+    psmisc \
+    strace && \
     rm -rf /var/lib/apt/lists/*
 
 # Copy bera-reth over from the build stage
@@ -49,5 +65,6 @@ EXPOSE 30303 30303/udp 9001 8545 8546 8551
 # Set environment to show we're in debug mode
 ENV RUST_LOG=debug
 ENV BUILD_TYPE=release
+ENV BPFTRACE_CACHE_USER_SYMBOLS=1
 
-ENV BPFTRACE_CACHE_USER_SYMBOLS=1
+
+# Control bpftrace user symbol caching. Default is enabled (1) for performance.
+# Override at build time with: --build-arg BPFTRACE_CACHE_USER_SYMBOLS=0
+ARG BPFTRACE_CACHE_USER_SYMBOLS=1
+ENV BPFTRACE_CACHE_USER_SYMBOLS=${BPFTRACE_CACHE_USER_SYMBOLS}
-ENV BPFTRACE_CACHE_USER_SYMBOLS=1
+
+# Control bpftrace user symbol caching. Default is enabled (1) for performance.
+# Override at build time with: --build-arg BPFTRACE_CACHE_USER_SYMBOLS=0
+ARG BPFTRACE_CACHE_USER_SYMBOLS=1
+ENV BPFTRACE_CACHE_USER_SYMBOLS=${BPFTRACE_CACHE_USER_SYMBOLS}
 ENTRYPOINT ["/usr/local/bin/bera-reth"]
diff --git a/Makefile b/Makefile
@@ -50,6 +50,17 @@ docker-build-debug: ## Fast debug build using Docker multistage (no cross-compil
 	docker build --file Dockerfile.debug --tag $(DOCKER_IMAGE_NAME):debug \
 		--build-arg COMMIT=$(GIT_SHA) \
 		--build-arg VERSION=$(GIT_TAG) \
+		--build-arg BUILD_PROFILE=$(PROFILE) \
+		.
+
+.PHONY: docker-build-debug-profiling
+docker-build-debug-profiling: ## Build profiling-friendly debug image (frame pointers + debuginfo) for flamegraphs.
-docker-build-debug-profiling: ## Build profiling-friendly debug image (frame pointers + debuginfo) for flamegraphs.
+docker-build-debug-profiling: ## Build profiling-oriented debug image (frame pointers + debuginfo) for CPU profiling/eBPF flamegraphs.
+	# Use this target instead of `docker-build-debug` when you need high-fidelity profiling data,
+	# such as when generating flamegraphs or using eBPF-based profilers from inside the container.
+	# When running the resulting image with eBPF tooling, the container usually must be started
+	# with `--privileged` or with the necessary capabilities (e.g., perf/eBPF and related system
+	# capabilities) granted explicitly, depending on your Docker and host configuration.
-docker-build-debug-profiling: ## Build profiling-friendly debug image (frame pointers + debuginfo) for flamegraphs.
+docker-build-debug-profiling: ## Build profiling-oriented debug image (frame pointers + debuginfo) for CPU profiling/eBPF flamegraphs.
+	# Use this target instead of `docker-build-debug` when you need high-fidelity profiling data,
+	# such as when generating flamegraphs or using eBPF-based profilers from inside the container.
+	# When running the resulting image with eBPF tooling, the container usually must be started
+	# with `--privileged` or with the necessary capabilities (e.g., perf/eBPF and related system
+	# capabilities) granted explicitly, depending on your Docker and host configuration.
+	@echo "Building profiling debug Docker image..."
+	docker build --file Dockerfile.debug --tag $(DOCKER_IMAGE_NAME):debug-profiling \
+		--build-arg COMMIT=$(GIT_SHA) \
+		--build-arg VERSION=$(GIT_TAG) \
+		--build-arg BUILD_PROFILE=$(PROFILE) \
+		--build-arg RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0" \
-		--build-arg RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0" \
-		--build-arg RUSTFLAGS="-C force-frame-pointers=yes -C debuginfo=1 -C symbol-mangling-version=v0" \
 		.
 
 .PHONY: docker-build-push-nightly