neuvector helmrelease always upgrades

On the Engineering Services team, we've noticed that the neuvector HelmRelease always upgrades when we make any change to the bigbang chart's values. This upgrade rolls all of the neuvector pods, and can take some time when there are several nodes.

After a bit of investigation, I believe it is because $neuvectorMetricsPass always regenerates with a new random password when rendering the chart's templates.

Here's the relevant snippet from ./chart/templates/neuvector/values.yaml.

{{- $neuvectorMetricsPass := join "" (list (randAlphaNum 12) (randAlpha 2 | upper) (randAlpha 2 | lower) (randNumeric 2))}}

It would be nice if we could set this to something static so that it doesn't change each time. It looks like similar situations are handled using helm's lookup function to read an existing secret out of the cluster. See the kiali chart's grafana secret, for example.

Edited by Jonathan Braswell
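
The lookup-or-generate pattern the issue points to, as an added example that is not the Big Bang or kiali chart's own code: reuse the password from a Secret already in the cluster and generate a new one only on first install, so the rendered output stays identical across upgrades. The Secret name, namespace and data key are hypothetical placeholders.

```yaml
{{- /* Added example. Secret name, namespace and key are hypothetical. */ -}}
{{- $secretName := "neuvector-metrics-pass" }}
{{- $secretNs := "neuvector" }}
{{- $secretKey := "password" }}

{{- /* lookup returns an empty map when the Secret does not exist yet. */ -}}
{{- $existing := lookup "v1" "Secret" $secretNs $secretName }}
{{- $neuvectorMetricsPass := "" }}
{{- if $existing }}
  {{- /* Guard against a Secret that exists but carries no data. */ -}}
  {{- $data := $existing.data | default dict }}
  {{- if hasKey $data $secretKey }}
    {{- /* Secret data is base64-encoded in the API object. */ -}}
    {{- $neuvectorMetricsPass = index $data $secretKey | b64dec }}
  {{- end }}
{{- end }}
{{- if not $neuvectorMetricsPass }}
  {{- /* First install (or missing key): same generator as the snippet above. */ -}}
  {{- $neuvectorMetricsPass = join "" (list (randAlphaNum 12) (randAlpha 2 | upper) (randAlpha 2 | lower) (randNumeric 2)) }}
{{- end }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secretName }}
  namespace: {{ $secretNs }}
type: Opaque
data:
  # Re-emitting the looked-up value keeps this manifest byte-stable between renders.
  {{ $secretKey }}: {{ $neuvectorMetricsPass | b64enc | quote }}
```

`lookup` returns an empty map under `helm template` and `--dry-run`, so those renders still show a fresh random value. With this pattern the password changes only when the Secret is deleted, which makes rotation an explicit step.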