Once you introduce an istio sidecar proxy into your deployment, it becomes another point at which you might need to troubleshoot network connectivity to the primary container.
Assuming you have deployed a pod with an app label “helloworld” in the default namespace listening on port 5000, you can use a command like the following to exec into its sidecar container and issue a curl command to the primary container.
kubectl exec $(kubectl get pods -n default -l app=helloworld -o jsonpath="{.items[].metadata.name}") -c istio-proxy -- curl -sSvk http://helloworld:5000/hello
The flag indicate silence except for errors with certificate checking off and verbosity for headers.
REFERENCES
istio reference, ingress sni page that describes this method of curl directly from istio sidecar