I think it depends on how big your server capacity is. Most websites on the internet are run by renting servers. Only a few companies, like Meta, Google, have their own server to host. If a server can handle a lot of traffic, it should not have any problem handling those DDoS attacks. For example, have you ever heard that Facebook or Instagram, or Google are under a DDoS attack? Probably not.
I think I have witnessed a couple of Facebook (meta apps) outages that were attributed to DDoS attacks, so not system or service is 100% immune to such attacks. What the likes of Cloudflare help with is to reduce or mitigate on widespread attacks once they happen.
I think it all comes to how powerful or determined the attacker is. Some don't seem to give up so quickly.
Yes, Cloudflare only allows to minimize it but it is still very useful for now because at least with Cloudflare as an additional strength for security, the potential for not causing a big effect or even protecting against DDoS attacks can still occur even though this can still be broken by hackers who do not easily give up to make personal profit for themselves.
But on the other hand, this is a special concern of course for service providers if in the end their site is hit by a DDoS attack several times and not a few players complain about it, then of course there must be a repair process to make this even though it may not be avoidable but can be minimized, because after all when we are on one of the sites or platforms, of course comfort is always one of the main factors considered.