diff --git a/Makefile b/Makefile
index ed591ed09..ad033e79f 100644
--- a/Makefile
+++ b/Makefile
@@ -95,6 +95,17 @@ build/kanidmd:
 		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		$(CONTAINER_BUILD_ARGS) .
 
+.PHONY: build/orca
+build/orca:	## Build the orca docker image locally
+build/orca:
+	@$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) -f tools/orca/Dockerfile \
+		-t $(IMAGE_BASE)/orca:$(IMAGE_VERSION) \
+		--build-arg "KANIDM_BUILD_PROFILE=container_generic" \
+		--build-arg "KANIDM_FEATURES=" \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
+		$(CONTAINER_BUILD_ARGS) .
+
 .PHONY: build/radiusd
 build/radiusd:	## Build the radiusd docker image locally
 build/radiusd:
diff --git a/scripts/install_ubuntu_dependencies.sh b/scripts/install_ubuntu_dependencies.sh
index c6af0e21b..71aa95192 100755
--- a/scripts/install_ubuntu_dependencies.sh
+++ b/scripts/install_ubuntu_dependencies.sh
@@ -17,6 +17,7 @@ ${SUDOCMD} apt-get install -y \
     curl \
     rsync \
     git \
+    cmake \
     build-essential \
     jq \
     tpm-udev
diff --git a/tools/orca/Dockerfile b/tools/orca/Dockerfile
new file mode 100644
index 000000000..9ddcd2ee9
--- /dev/null
+++ b/tools/orca/Dockerfile
@@ -0,0 +1,70 @@
+# This builds the kanidm CLI tools
+ARG BASE_IMAGE=opensuse/tumbleweed:latest
+# ARG BASE_IMAGE=opensuse/leap:15.5
+
+FROM ${BASE_IMAGE} AS repos
+ADD ../../scripts/zypper_fixing.sh /zypper_fixing.sh
+RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh
+
+FROM repos AS builder
+ARG KANIDM_FEATURES
+ARG KANIDM_BUILD_PROFILE
+ARG KANIDM_BUILD_OPTIONS=""
+
+# Set the build profile
+ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
+ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"
+
+RUN \
+    --mount=type=cache,id=zypp,target=/var/cache/zypp \
+    zypper install -y --no-recommends \
+        sccache \
+        cargo \
+        clang \
+        make \
+        automake \
+        autoconf \
+        libopenssl-3-devel \
+        pam-devel \
+        libudev-devel \
+        sqlite3-devel \
+        rsync \
+        mold
+
+COPY . /usr/src/kanidm
+
+WORKDIR /usr/src/kanidm/
+
+# build the CLI
+RUN \
+    --mount=type=cache,id=cargo,target=/cargo \
+    --mount=type=cache,id=sccache,target=/sccache \
+    export CARGO_HOME=/cargo; \
+    export SCCACHE_DIR=/sccache; \
+    export RUSTC_WRAPPER=/usr/bin/sccache; \
+    export CC="/usr/bin/clang"; \
+    cargo build -p orca ${KANIDM_BUILD_OPTIONS} \
+        --target-dir="/usr/src/kanidm/target/" \
+        --features="${KANIDM_FEATURES}" \
+        --release && \
+    cargo install \
+        --git https://github.com/kanidm/webauthn-rs.git \
+        --rev 5f4db4172f8e22aedc68c282d177e98db2b1892f \
+        --force fido-mds-tool \
+        --target-dir="/usr/src/kanidm/target/" && \
+    sccache -s
+
+# == Construct the orca container 
+FROM repos
+
+ENV RUST_BACKTRACE 1
+
+
+COPY --from=builder /usr/src/kanidm/target/release/orca /sbin/
+COPY ./tools/orca/profile-sample.toml /etc/kanidm/profile-sample.toml
+
+RUN chmod +x /sbin/orca
+
+
+CMD [ "/sbin/orca", "-h" ]
+
diff --git a/tools/orca/profile-sample.toml b/tools/orca/profile-sample.toml
new file mode 100644
index 000000000..5727c52c9
--- /dev/null
+++ b/tools/orca/profile-sample.toml
@@ -0,0 +1,10 @@
+control_uri = "https://localhost:8443"
+admin_password = ""
+idm_admin_password = ""
+seed = -1236045086759770365
+extra_uris = []
+warmup_time = 10 
+test_time = 180
+group_count = 5
+person_count = 500
+thread_count = 20