Make sure to benchmark your workload first -- gVisor's I/O subsystem is a lot slower than the Linux kernel's, so a VM can be materially faster if you're doing a lot of filesystem operations or file I/O.
One of the systems I built at a former employer supported both gVisor and Firecracker for isolation, and the gVisor version was 10-50x slower for a specific class of workload that did ~millions of stat() calls at startup.
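A small stat() micro-benchmark for the "benchmark your workload first" advice above, added here as an illustration and not code from the commenter or from gVisor/Firecracker. It builds a constructed tree of empty files under a temp directory, times a configurable number of stat() calls over them, and reports mean per-call latency, so the same binary can be run natively, under runsc and inside a microVM and the numbers compared (file counts, paths and call counts are assumptions).

```c
// Added example (not from the original comment): a minimal stat() micro-benchmark
// to compare per-call latency across native Linux, gVisor (runsc) and a microVM.
// Assumptions: POSIX system with clock_gettime and mkdtemp; paths are constructed here.
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

// Create `n` empty files under a fresh temp dir; returns the dir path (caller frees) or NULL.
static char *make_tree(size_t n) {
    char tmpl[] = "/tmp/statbench.XXXXXX";
    if (!mkdtemp(tmpl)) return NULL;
    char path[256];
    for (size_t i = 0; i < n; i++) {
        snprintf(path, sizeof path, "%s/f%zu", tmpl, i);
        int fd = open(path, O_CREAT | O_WRONLY, 0600);
        if (fd < 0) return NULL;
        close(fd);
    }
    return strdup(tmpl);
}

// Issue `calls` stat() calls round-robin over `n` files; returns mean ns per call, or -1.0 on error.
static double bench_stat(const char *dir, size_t n, size_t calls) {
    char path[256];
    struct stat st;
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (size_t i = 0; i < calls; i++) {
        snprintf(path, sizeof path, "%s/f%zu", dir, i % n);
        if (stat(path, &st) != 0) return -1.0;   // failure here means the tree is missing
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    double ns = (t1.tv_sec - t0.tv_sec) * 1e9 + (t1.tv_nsec - t0.tv_nsec);
    return ns / (double)calls;
}

int main(void) {
    size_t files = 1000, calls = 1000000;  // scale `calls` toward the real workload's count
    char *dir = make_tree(files);
    if (!dir) { perror("make_tree"); return 1; }
    printf("mean stat() latency: %.1f ns over %zu calls\n", bench_stat(dir, files, calls), calls);
    free(dir);
    return 0;
}
```

Run the same binary in each sandbox and compare the mean latency; the temp tree is left in place for inspection and should be removed afterwards.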