Default and custom CA certificates

Hello,

I’d like to ask, what certificate do you use as the CA for your K8S setups.

Is that just a self-signed one that is automatically generated by kubeadm?

Or you usually to generate such CA by yourself and then provide it to a new K8S cluster? If so - is that just a self-signed certificate with the CA extensions or this is something more “sophisticated”?

Thank you in advance for your replies.