Cannot set additionalConfig using opensearch-k8s-operator

Opensearch operator version: 2.6.1
Opensearch version: 2.14.0

I am attempting to set the parameter plugins.security.ssl_cert_reload_enabled: true on a test cluster. I’ve added the parameter under the general section

general:
    additionalConfig:
         plugins.security.ssl_cert_reload_enabled: "true"

However, when I shell into a running container, I do not see my change reflected in the /usr/share/opensearch/config/opensearch.yml file. Additionally I cannot perform the api call to hot reload certificates (which this parameter should have enabled).

curl -k -u admin:admin -XPUT https://localhost:9200/_plugins/_security/api/ssl/transport/reloadcerts

{"status":"FORBIDDEN","message":"Access denied"}

Do parameters added to the additionalConfig sections of general and nodePools get added directly to the opensearch.yml file? If not, how do I see what the settings are for each node (calling _node/settings also did not show me my parameter)?

So, I see my issue with connecting to the api. I needed to supply the admin certs like so

curl -k --cert ./tls.crt --key ./tls.key -XPUT https://localhost:9200/_plugins/_security/api/ssl/transport/reloadcerts

{"message":"updated transport certs"}

My question still stands howerver . . . When you set the additionConfig parameter, where is this change reflected if not in the opensearch.yml config file? How can I see my changes on my nodes?