We've been regularly using Cloud Run with custom domain mappings, mapping to a proxied URL from Cloudflare. The mappings and DNS records are managed in Terraform.
As of the last week or so, the domain mapping handshake from Cloudflare to GCP no longer completes. It used to take 1-2 hours, now it never finishes.
We've made no changes to our flow, and nothing has changed on the Cloudflare side. However one thing that has happened is the deprecation of Google Webmaster Tools UI (which we used to use to verify domains) for Google Search Console. We had to re-add our domains to that UI and re-add the SAs as owners.
The switch to Search Console leads me to believe something has not carried forward correctly under the hood of Cloud Run's domain mapping, since that is the only thing that has changed.
We have this same issue. It doesn't seem to be down to the webmaster UI tool changes though. If we disable Cloudflare proxying on the hostname then the mappings are created successfully. It seems that Cloudflare is interfering with the ACME HTTP-01 challenge from Google.
Update: We've tracked down the issue on Cloudflare. Cloudflare was blocking the /.well-known/acme-challenge/ requests with a Captcha. You can see this under Security > Events
We resolved the problem by adding a page rule which prevents Cloudflare from doing a browser identity check on the /.well-known/acme-challenge/*
urls