Cause: Certificates are stored in a temp location and not kept across invocations of the operator. Additionally, multiple threads can access the same code paths leading to possible inconsistencies with the certificate generation. Consequence: It's possible the various nodes of the ES log store are restarted with different certificates. Additionally there are times where the collector may not be able to write to the logstore because there is a mismatch in certs. Fix: Provide additional log messages and checks to determine if certificates need to be regenerated as well as introduce a mutex to ensure single threaded execution. Additionally, all generated certs are stored and fetched from the master cert secret Result: Generated certificates are consistently fetched and written to/from the same source allowing them to be checked during reconciliation