diff --git a/extensions/Dockerfile b/extensions/Dockerfile
new file mode 100644
index 000000000..68370cfb6
--- /dev/null
+++ b/extensions/Dockerfile
@@ -0,0 +1,25 @@
+## Builds the webserver for the repo service.
+FROM golang as gobuild
+ADD repo-server/main.go .
+RUN mkdir /build
+RUN go build -o /build/webserver main.go
+
+## Downloads the extensions given the extensions.yaml
+ARG RHCOS_VERSION=latest
+FROM registry.ci.openshift.org/rhcos-devel/rhel-coreos:${RHCOS_VERSION} as os
+#Expects repos from redhat-coreos, like when building rhcos locally.
+RUN rpm-ostree compose extensions --rootfs=/ --output-dir=/usr/share/rpm-ostree/extensions/ {manifest,extensions}.yaml
+
+## Creates the repo metadata for the extensions
+FROM quay.io/centos/centos:stream8 as repo
+COPY --from=os /usr/share/rpm-ostree/extensions/ /usr/share/rpm-ostree/extensions/
+RUN dnf install -y createrepo_c
+RUN createrepo_c /usr/share/rpm-ostree/extensions/
+
+## Final container that has the extensions and webserver
+FROM registry.access.redhat.com/ubi8/ubi:latest
+COPY --from=gobuild /build/webserver /usr/bin/webserver
+COPY --from=repo /usr/share/rpm-ostree/extensions/ /usr/share/rpm-ostree/extensions/
+
+CMD ["./usr/bin/webserver"]
+EXPOSE 9666/tcp
diff --git a/extensions/repo-server/main.go b/extensions/repo-server/main.go
new file mode 100644
index 000000000..ff813b4b3
--- /dev/null
+++ b/extensions/repo-server/main.go
@@ -0,0 +1,22 @@
+package main
+
+import (
+	"flag"
+	"log"
+	"net/http"
+)
+
+var (
+	// flagPort is the open port the application listens on
+	flagPort = flag.String("port", "9666", "Port to listen on")
+)
+
+func main() {
+	extensions := http.FileServer(http.Dir("/usr/share/rpm-ostree/extensions/"))
+	flag.Parse()
+	mux := http.NewServeMux()
+	mux.Handle("/", extensions)
+
+	log.Printf("listening on port %s", *flagPort)
+	log.Fatal(http.ListenAndServe(":"+*flagPort, mux))
+}
diff --git a/extensions/test/Dockerfile b/extensions/test/Dockerfile
new file mode 100644
index 000000000..fb3b0d744
--- /dev/null
+++ b/extensions/test/Dockerfile
@@ -0,0 +1,7 @@
+FROM registry.ci.openshift.org/rhcos-devel/rhel-coreos:4.11
+#We want to test it's only using the extensions repo
+RUN rm -rf /etc/yum.repos.d/*
+ADD ext.repo /etc/yum.repos.d/extention.repo
+#Install usbguard as provided by the repo
+RUN rpm-ostree install usbguard
+RUN usbguard
diff --git a/extensions/test/ext.repo b/extensions/test/ext.repo
new file mode 100644
index 000000000..b606010f3
--- /dev/null
+++ b/extensions/test/ext.repo
@@ -0,0 +1,5 @@
+[ext]
+name=extensions
+baseurl=http://localhost:9666/
+enabled=1
+gpgcheck=0