etcd docs suggest running with an odd number of nodes because even membership does not improve tolerance of node failure. However, an even number of nodes can guarantee complete recovery across failure domains. If one domain is destroyed, quorum is permanently lost, but provided the members are evenly split between domains, the other domain is guaranteed to have at least one member with complete knowledge of the cluster state before failure. Therefore the cluster can be rebuilt from the other domain without losing a single proposal.
This kind of failure recovery is tedious to do by hand, but not terribly complex; software can do it with ease.
etcd docs suggest running with an odd number of nodes because even membership does not improve tolerance of node failure. However, an even number of nodes can guarantee complete recovery across failure domains. If one domain is destroyed, quorum is permanently lost, but provided the members are evenly split between domains, the other domain is guaranteed to have at least one member with complete knowledge of the cluster state before failure. Therefore the cluster can be rebuilt from the other domain without losing a single proposal.
This kind of failure recovery is tedious to do by hand, but not terribly complex; software can do it with ease.