One of the limitations that wasn't immediately obvious to me is that you're mapping a single domain with these tunnels. So you cannot easily make *.example.com available via a cloudflare tunnel. (and when I tried it it wasn't possible with ngrok either, perhaps that changed)
I ended up switching to a business connection with my ISP, so I could get an extra fixed IPv4 address at my house and not need any of these tunnels. Obviously that is not an option everywhere.
Yes, we made it easier a while back. Now you can map customname.ngrok.io to your tunnel with a command line switch. If you want to use a CNAME, it's a similar switch, a dashboard entry, and an update to your DNS entries. I did it on my own domain in a couple minutes, flushed the DNS records, and had it routable in ~15 minutes. The full docs are here: https://ngrok.com/docs#http-custom-domains
The ingress example with multiple subdomains and a default service seem to suggest one can host more than one subdomain. It would require setting your tunnel DNS on the Cloudflare side to point all of them to the tunnel.
As a matter of fact, I have a 4-node kubernetes cluster running at home which is exposed through a CloudFlare tunnel on the internet. Works like a charm, and you don’t have issues with firewalls, NAT, and/or dynamic IPs.
I ended up switching to a business connection with my ISP, so I could get an extra fixed IPv4 address at my house and not need any of these tunnels. Obviously that is not an option everywhere.