"additionalSecurityGroups" field not recognized in cluster config #4430

Closed
eschneider1271 opened this issue Feb 12, 2018 · 2 comments

@eschneider1271

Thanks for submitting an issue! Please fill in as much of the template below as
you can.

------------- BUG REPORT TEMPLATE --------------------

  1. What kops version are you running? The command kops version, will display
    this information.

Version 1.8.1

  1. What Kubernetes version are you running? kubectl version will print the
    version if a cluster is running or provide the Kubernetes version specified as
    a kops flag.

Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.3", GitCommit:"d2835416544f298c919e2ead3be3d0864b52323b", GitTreeState:"clean", BuildDate:"2018-02-12T17:31:33Z", GoVersion:"go1.9.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.6", GitCommit:"6260bb08c46c31eea6cb538b34a9ceb3e406689c", GitTreeState:"clean", BuildDate:"2017-12-21T06:23:29Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

  1. What cloud provider are you using?

AWS

  1. What commands did you run? What is the simplest way to reproduce this issue?

kops edit cluster CLUSTER_NAME

Added the "additionalSecurityGroups" field under api loadbalancer, just as described in https://github.com/kubernetes/kops/blob/master/docs/cluster_spec.md

Relevant config section:

  api:
    loadBalancer:
      type: Public
      additionalSecurityGroups:
      - sg-xxxxx

  1. What happened after the commands executed?

I received the following error message at the top of the file after attempting to save and exit:

# Found fields that are not recognized
--
# ...
#     api:
#       loadBalancer:
# +       additionalSecurityGroups:
# +       - sg-1e91e369
#         type: Public
#     authorization:
# ...

  1. What did you expect to happen?

I expected the edit to succeed, allowing me to then update my cluster.

  1. Please provide your cluster manifest. Execute
    kops get --name my.example.com -oyaml to display your cluster manifest.
    You may want to remove your cluster name and other sensitive information.

apiVersion: kops/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: 2017-12-13T20:55:15Z
  name: CLUSTER_NAME.domain
spec:
  additionalPolicies:
    node: |-
      [
        {
          "Effect": "Allow",
          "Action": ["autoscaling:DescribeAutoScalingGroups","autoscaling:DescribeAutoScalingInstances","autoscaling:DescribeTags"],
          "Resource": ["*"]
        },
        {
          "Effect": "Allow",
          "Action": ["autoscaling:TerminateInstanceInAutoScalingGroup","autoscaling:SetDesiredCapacity"],
          "Resource": ["*"],
           "Condition": {
                "StringEquals": {
                    "autoscaling:ResourceTag/KubernetesCluster": "CLUSTER_NAME.domain"
                }
            }
        }
      ]
  api:
    loadBalancer:
      type: Public
  authorization:
    alwaysAllow: {}
  channel: stable
  cloudProvider: aws
  configBase: s3://CLUSTER_NAME.domain/CLUSTER_NAME.domain.state
  dnsZone: XXXX
  etcdClusters:
  - etcdMembers:
    - instanceGroup: master-us-east-1a
      name: a
    - instanceGroup: master-us-east-1b
      name: b
    - instanceGroup: master-us-east-1c
      name: c
    name: main
  - etcdMembers:
    - instanceGroup: master-us-east-1a
      name: a
    - instanceGroup: master-us-east-1b
      name: b
    - instanceGroup: master-us-east-1c
      name: c
    name: events
  iam:
    legacy: true
  kubernetesApiAccess:
  - 0.0.0.0/0
  kubernetesVersion: 1.8.6
  masterInternalName: api.CLUSTER_NAME.domain
  masterPublicName: api.CLUSTER_NAME.domain
  networkCIDR: 10.10.0.0/16
  networkID: vpc-XXXX
  networking:
    weave:
      mtu: 8912
  nonMasqueradeCIDR: 100.64.0.0/10
  sshAccess:
  - 0.0.0.0/0
  subnets:
  - cidr: 10.21.101.0/24
    egress: nat-XXX
    id: subnet-c53f9498
    name: us-east-1a
    type: Private
    zone: us-east-1a
  - cidr: 10.21.102.0/24
    egress: nat-XXX
    id: subnet-37205e53
    name: us-east-1b
    type: Private
    zone: us-east-1b
  - cidr: 10.21.103.0/24
    egress: nat-XXX
    id: subnet-4e59ef61
    name: us-east-1c
    type: Private
    zone: us-east-1c
  - cidr: 10.21.1.0/24
    id: subnet-1322894e
    name: utility-us-east-1a
    type: Utility
    zone: us-east-1a
  - cidr: 10.21.2.0/24
    id: subnet-37295753
    name: utility-us-east-1b
    type: Utility
    zone: us-east-1b
  - cidr: 10.21.3.0/24
    id: subnet-9247f1bd
    name: utility-us-east-1c
    type: Utility
    zone: us-east-1c
  topology:
    dns:
      type: Public
    masters: private
    nodes: private

  1. Please run the commands with most verbose logging by adding the -v 10 flag.
    Paste the logs into this report, or in a gist and provide the gist link here.

  2. Anything else do we need to know?

It looks like this field was added recently via #4036

------------- FEATURE REQUEST TEMPLATE --------------------

  1. Describe IN DETAIL the feature/behavior/change you would like to see.

  2. Feel free to provide a design supporting your feature request.

@cuzz22000

cuzz22000 commented Feb 12, 2018

I don't see it being added to the 1.8.1 release.

@eschneider1271
Author

Thanks @cuzz22000. Closing this.
