diff --git a/examples/cluster/cluster-kubeconfig.yaml b/examples/cluster/cluster-kubeconfig.yaml
index 64bd957..1a93540 100644
--- a/examples/cluster/cluster-kubeconfig.yaml
+++ b/examples/cluster/cluster-kubeconfig.yaml
@@ -2,14 +2,38 @@
 apiVersion: cluster.argocd.crossplane.io/v1alpha1
 kind: Cluster
 metadata:
-  name: example-cluster-kubeconfig
+  name: upbound-saas-byoc
 spec:
   forProvider:
-    name: example-cluster-kubeconfig
+    name: upbound-saas-byoc
     config:
       kubeconfigSecretRef:
-        name: cluster-conn 
-        namespace: crossplane-system
+        name: upbound-saas-byoc
+        namespace: upbound-system
         key: kubeconfig
-  providerConfigRef:
-    name: argocd-provider
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: upbound-saas-byoc
+  namespace: upbound-system
+type: Opaque
+stringData:
+  kubeconfig: |
+    apiVersion: v1
+    clusters:
+    - cluster:
+        server: https://proxy.upbound.io/v1/controlPlanes/upbound/saas-byoc/k8s
+      name: upbound-upbound-saas-byoc
+    contexts:
+    - context:
+        cluster: upbound-upbound-saas-byoc
+        user: upbound-upbound-saas-byoc
+      name: upbound-upbound-saas-byoc
+    current-context: upbound-upbound-saas-byoc
+    kind: Config
+    preferences: {}
+    users:
+    - name: upbound-upbound-saas-byoc
+      user:
+        token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMmJlMTVjNi1hZWIwLTRkNDQtYTMyZi1kMWYwZWIxNDhmYTkiLCJzdWIiOiJ1c2VyfDMwOTYifQ.fEgH3KCWVUW3fs9t2nO1NR0s5DUu9c9EgKinQaLrEQCWd9-9gyWeWTmEDMqBkDQThP-r5TqsuWuXxXnOhEfLBJE_RBwAphKqbcmGwxDokhYycgXWwW5dzGMLLX08OwnR9xIPHKfaBbawA-cIDZrqyE516qcb5RqHmfzOW8ouDdjBCUwOkvjXYFTu8zRkPaVZHo9Yh4FHrgJIuljuo9Kn8-1qZ3J1xQ33Bgwwg3xkfCFcXYabbsysnGuwSkEJIW0xGcBD2Gkji5RekLX0wKHsG4QunY6gSnoGIKOc40pvC1VlRFPFctbJY2J57cv4lyu4T95rzUyXWjhJRhDEo1bIbw
\ No newline at end of file
diff --git a/examples/cluster/cluster.yaml b/examples/cluster/cluster.yaml
index 4f5c269..54ba4e5 100644
--- a/examples/cluster/cluster.yaml
+++ b/examples/cluster/cluster.yaml
@@ -2,13 +2,13 @@
 apiVersion: cluster.argocd.crossplane.io/v1alpha1
 kind: Cluster
 metadata:
-  name: example-cluster
+  name: test-123
 spec:
   forProvider:
-    server: https://kubernetes.default.svc
-    name: example-cluster
+    server: https://proxy.upbound.io
+    name: test-123
     config:
       tlsClientConfig:
         insecure: true
-  providerConfigRef:
-    name: argocd-provider
+  # providerConfigRef:
+  #   name: argocd-provider
diff --git a/pkg/controller/cluster/controller.go b/pkg/controller/cluster/controller.go
index ee4db0c..91f92fe 100644
--- a/pkg/controller/cluster/controller.go
+++ b/pkg/controller/cluster/controller.go
@@ -113,11 +113,26 @@ func (e *external) Observe(ctx context.Context, mg resource.Managed) (managed.Ex
 	observedCluster, err := e.client.Get(ctx, &clusterQuery)
 	if err != nil {
 		switch {
-		case cluster.IsErrorClusterNotFound(err),
-			cluster.IsErrorPermissionDenied(err) && meta.WasDeleted(cr):
+		case cluster.IsErrorClusterNotFound(err):
+			// Case: Cluster not found
 			return managed.ExternalObservation{}, nil
+
+		case cluster.IsErrorPermissionDenied(err):
+			if meta.WasDeleted(cr) {
+				// Case: Cluster is deleted,
+				// and the managed resource has a deletion timestamp
+				return managed.ExternalObservation{}, nil
+			}
+			// Case: Cluster is deleted via argocd-ui,
+			// but the managed resource still exists
+			return managed.ExternalObservation{
+				ResourceExists: false,
+			}, nil
+
+		default:
+			// Default case: Handle other errors
+			return managed.ExternalObservation{}, errors.Wrap(err, errGetFailed)
 		}
-		return managed.ExternalObservation{}, errors.Wrap(err, errGetFailed)
 	}
 	if meta.WasDeleted(cr) && meta.GetExternalName(cr) != observedCluster.Name {
 		// ArgoCD Cluster resource ignores the name field. This detects the deletion of the default cluster resource.