diff --git a/roles/multi-node-known-hosts/library/generate_all_known_hosts.py b/roles/multi-node-known-hosts/library/generate_all_known_hosts.py
index 98106925f..fb5961b52 100644
--- a/roles/multi-node-known-hosts/library/generate_all_known_hosts.py
+++ b/roles/multi-node-known-hosts/library/generate_all_known_hosts.py
@@ -37,6 +37,14 @@ def main():
         public_keys = [x for x in this.keys() if
                        x.startswith('ansible_ssh_host_key')]
 
+        addresses = [this['ansible_host']]
+        nodepool = this.get('nodepool', {})
+        for nodepool_address in (
+                'interface_ip', 'public_ipv4', 'private_ipv4', 'public_ipv6'):
+            address = nodepool.get(nodepool_address)
+            if address:
+                addresses.append(address)
+
         for iface in this.get('ansible_interfaces', []):
             iface_key = 'ansible_{}'.format(iface.replace('-', '_'))
             ipv4 = this[iface_key].get('ipv4')
@@ -45,31 +53,32 @@ def main():
             ipv6 = this[iface_key].get('ipv6')
             if not isinstance(ipv6, list):
                 ipv6 = [ipv6]
-            addresses = [x['address'] for x in ipv4 if x and not
-                         x['address'].startswith('127.')]
+            addresses += [x['address'] for x in ipv4 if x and not
+                          x['address'].startswith('127.')]
             addresses += [y['address'] for y in ipv6 if y and not
                           y['scope'] == 'host']
             addresses += [this['ansible_hostname']]
-            for addr in addresses:
-                for key in public_keys:
-                    if key.endswith('rsa_public'):
-                        key_type = 'ssh-rsa'
-                    elif key.endswith('ecdsa_public'):
-                        # XXX This will not work with > 256 bit ecdsa keys
-                        # until https://github.com/ansible/ansible/issues/28325
-                        # is fixed. We're using the proposed scheme in case it
-                        # does merge as-is, but it may need to be updated if
-                        # the patch is changed as well.
-                        key_type = this.get('{}_type'.format(key),
-                                            'ecdsa-sha2-nistp256')
-                    elif key.endswith('ed25519_public'):
-                        key_type = 'ssh-ed25519'
-                    else:
-                        continue
-                    known_hosts.add(
-                        '{addr} {key_type} {key}'.format(addr=addr,
-                                                         key_type=key_type,
-                                                         key=this[key]))
+
+        for addr in set(addresses):
+            for key in public_keys:
+                if key.endswith('rsa_public'):
+                    key_type = 'ssh-rsa'
+                elif key.endswith('ecdsa_public'):
+                    # XXX This will not work with > 256 bit ecdsa keys
+                    # until https://github.com/ansible/ansible/issues/28325
+                    # is fixed. We're using the proposed scheme in case it
+                    # does merge as-is, but it may need to be updated if
+                    # the patch is changed as well.
+                    key_type = this.get('{}_type'.format(key),
+                                        'ecdsa-sha2-nistp256')
+                elif key.endswith('ed25519_public'):
+                    key_type = 'ssh-ed25519'
+                else:
+                    continue
+                known_hosts.add(
+                    '{addr} {key_type} {key}'.format(addr=addr,
+                                                     key_type=key_type,
+                                                     key=this[key]))
 
     ret = {
         'ansible_facts': {