kops: dns-controller deployment not updated when setting externalDns.watchIngress: true

1. What kops version are you running? The command kops version, will display this information.

1.8.0

2. What Kubernetes version are you running? kubectl version will print the version if a cluster is running or provide the Kubernetes version specified as a kops flag.

1.8.6

3. What cloud provider are you using?

AWS

4. What commands did you run? What is the simplest way to reproduce this issue?

$ kops edit cluster

# Set the following:
spec:
  externalDns:
    watchIngress: true

$ kops update cluster --yes
# The cluster manifests should have an updated dns-controller with arg --watch-ingress=true

$ kops rolling-update cluster --yes 
# kops says a rolling-update isn't needed

$ kubectl -n kube-system get deploy dns-controller -o yaml
# The deployment isn't updated and still shows --watch-ingress=false

5. What happened after the commands executed? The manifests were updated, but the dns-controller deployment wasn’t.

6. What did you expect to happen? I expect any service settings updated through kops to be reflected in their respective deployments, daemonsets, etc.

7. Please provide your cluster manifest.

# I've removed any irrelevant settings
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
  name: cluster.example.com
spec:
  api:
    loadBalancer:
      type: Public
  authorization:
    rbac: {}
  channel: stable
  cloudProvider: aws
  externalDns:
    watchIngress: true
  iam:
    allowContainerRegistry: true
    legacy: false
  kubernetesVersion: 1.8.6
  masterInternalName: api.cluster.example.com
  masterPublicName: api.cluster.example.com
  networking:
    cni: {}
  topology:
    bastion:
      bastionPublicName: bastion.cluster.example.com
    dns:
      type: Public
    masters: private
    nodes: private