- Bug
- Resolution: Unresolved
- Normal
- None
- quay-v3.12.7
- Quality / Stability / Reliability
- False
- False
- User Experience
- Medium
- Internal
In the customer's OCP 4.14 cluster hosted on s390x arch, they get intermittent signature errors:
Failed to pull image "registry.redhat.io/redhat/redhat-operator-index:v4.14": rpc error: code = Unknown desc = SignatureValidationFailed: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists
They can get a clean pull after a few retries, so I believe their local gpg signatures are good. Please see if there is a bug in their image somewhere.
Related details:
1. This only happens to registry.redhat.io images. They use the same gpg signatures with registry.access.redhat.com, and that has never had issues.
2. All other images inside registry.redhat.io don't have this signature error.
3. Only one pod ever faces this signature issue. There are 2 redhat-operator pods that use this specific image; the other one is always working.
$ oc get pod -o wide | grep redhat-operator
redhat-operators-dhccn 1/1 Running 0 23h 10.128.0.126 a70ztcposcp1.zoccou1.bcbssc.com <none> <none>
redhat-operators-sqpnw 0/1 ImagePullBackOff 0 16h 10.128.0.143 a70ztcposcp1.zoccou1.bcbssc.com <none> <none>
4. Only happens on the customer's s390x cluster. They have an x64-based cluster at the same OCP level, and it doesn't have this error.
5. Customer noted that after a few pod restarts, the signature errors go away.