Kata Containers vs gVisor?

As I understand, Kata Containers

Kata Container build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers but provide the workload isolation and security advantages of VMs

On the other hand, gvisor

gVisor is a user-space kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects.

As I believe, both of these technology trying to add linux space into containers in order to enhance security.

My question is How do they differ from each other ? Is there overlapping in functionalities?

Solution

From what I gather:

Kata Containers

Full Kernel on top of a lightweight QEMU/KVM VM
- Kernel has been optimized in newer releases.
Lets system calls go through freely
Performance penalty due to the VM layer. Not clear yet how slower or faster than gVisor
On paper, slower startup time.
Can run any application.
Can run in nested virtualized environments if the hypervisor and hardware support it.

gVisor

Partial Kernel in userspace.
Intercepts syscalls
Performance penalty at runtime due to syscall filtering. Not clear how slower or faster than Kata yet.
On paper, faster startup time.
Can run only applications that use supported system calls.
On paper, you may not need nested virtualization.