@gorgeous-egg-16927 What's a good way to handle pre-existing resources that I don't want to import to be pulumi managed but that I want to delete to clear the way for pulumi managed resources? Specifically, looking at https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html, which is kind of a mess:

vpc-resource-controller-role

cluster role,

vpc-resource-controller-role-binding

cluster role binding, and

vpc-resource-controller

service account already exist after standing up a new eks cluster, while the

vpc-resource-controller

deployment does not exist, but the cluster role is different from the guide's download link and is missing config map access (so needs modification anyway), ... so I want to delete the lot iff they exist (and not managed by pulumi) and create new ones with consistent

vpc-resource-controller

names throughout, which would leave duplicates for cluster role and cluster role binding and clashes with the service account if I can't delete the pre-existing ones first. 🤔

What don’t you just use the k8s sdk to do that ? I had a similar issue with updating the existing aws-auth in an eks cluster and that’s how I solved it.

Yeah, don’t have computer in front of me to get the link, but the EKS lib does something like that using a dynamic provider to update an existing configmap

Yeah I commented on that issue, ~1 year ago now, with a need for read-modify-write of external resources (not managed by pulumi)