fix: ignore full tunnel routes from a remote cluster

examples/multi-cluster/scripts/setup.sh

@@ -32,11 +32,12 @@ DOCKER_IP=$(docker inspect \
     ${CLUSTER_NAME_PREFIX}-two-control-plane)
 sed -i "s/127\.0\.0\.1:.*$/${DOCKER_IP}:6443/g" ${KUBECONFIG_TWO}
 
-# Install each kubernetes configuration to the opposite cluster
+# Install each kubernetes configuration to the opposite cluster.
 # In a real world situation this should be a kubeconfig with
 # credentials restricted to webmesh objects only. For an example
 # see the RBAC manifests in the bundle. These are the the objects
-# provided by the bundle in the storage-provider and the CNI APIs.
+# provided by the bundles for the storage-provider and CNI APIs.
+# RBAC-only manifests can be found in each repository.
 
 kubectl --kubeconfig ${KUBECONFIG_ONE} --namespace kube-system \
         create secret generic cluster-two-credentials --from-file=kubeconfig=${KUBECONFIG_TWO}

internal/controllers/remotenetwork_controller.go

@@ -503,7 +503,11 @@ func (r *RemoteNetworkReconciler) connectWithKubeconfig(ctx context.Context, nw
 			ZoneAwarenessID: r.Host.NodeID,
 			DisableIPv4:     nw.Spec.Network.DisableIPv4,
 			DisableIPv6:     nw.Spec.Network.DisableIPv6,
-			ListenPort:      nw.Spec.Network.WireGuardPort,
+			// We don't want to use the full gateway routes broadcasted by
+			// the remote cluster because they will likely collide with our
+			// own.
+			DisableFullTunnel: true,
+			ListenPort:        nw.Spec.Network.WireGuardPort,
 			MTU: func() int {
 				if nw.Spec.Network.MTU > 0 {
 					return nw.Spec.Network.MTU